See on RubyGems

publify_core 9.2.1

14 security vulnerabilities found in version 9.2.1

Publify Improper Input Validation vulnerability

critical severity CVE-2023-0299
critical severity CVE-2023-0299
Patched versions: >= 9.2.10

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

Integer overflow in publify_core

critical severity CVE-2022-1812
critical severity CVE-2022-1812
Patched versions: >= 9.2.10

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.

Cross site scripting in publify

high severity CVE-2022-1811
high severity CVE-2022-1811
Patched versions: >= 9.2.9

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained.

Publify contains Weak Password Requirements

medium severity CVE-2023-0569
medium severity CVE-2023-0569
Patched versions: >= 9.2.10

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

Publify Core does not strip metadata from images

medium severity CVE-2022-2815
medium severity CVE-2022-2815
Patched versions: >= 9.2.10

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

Improper Access Control in publify

medium severity CVE-2022-1810
medium severity CVE-2022-1810
Patched versions: >= 9.2.9

A low-privileged user can modify and delete admin articles just by changing the value of the article[id] parameter prior to 9.2.9.

Article metadata exposure in publify

medium severity CVE-2022-1553
medium severity CVE-2022-1553
Patched versions: >= 9.2.8

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.

Code injection in publify

medium severity CVE-2022-0578
medium severity CVE-2022-0578
Patched versions: >= 9.2.8

Code Injection in GitHub repository publify/publify prior to 9.2.8.

Incorrect Authorization in publify

medium severity CVE-2022-0574
medium severity CVE-2022-0574
Patched versions: >= 9.2.8

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.

Business Logic Errors in Publify

medium severity CVE-2022-0524
medium severity CVE-2022-0524
Patched versions: >= 9.2.7

Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors.

Cross site scripting in publify

medium severity CVE-2021-25975
medium severity CVE-2021-25975
Patched versions: >= 9.2.5
Unaffected versions: < 8.0

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with 'publisher' role to inject malicious JavaScript via the uploaded html file.

Cross site scripting in publify

medium severity CVE-2021-25974
medium severity CVE-2021-25974
Patched versions: >= 9.2.5
Unaffected versions: < 8.0

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a 'publisher' role is able to inject and execute arbitrary JavaScript code while creating a page/article.

Improper Authorization in Publify

medium severity CVE-2021-25973
medium severity CVE-2021-25973
Patched versions: >= 9.2.5
Unaffected versions: < 9.0.0.pre1

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

low severity CVE-2024-39311
low severity CVE-2024-39311
Patched versions: >= 10.0.2

Summary

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality.

Details

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link.

We can create a redirect to a javascript:alert() URL. Whilst the redirect itself doesn't work, on the administrative panel, an a tag is created with the payload as the URI. Upon clicking this link, the XSS is triggered.

An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link.

Impact

A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator."

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.