See on RubyGems

publify_core 9.2.6

10 security vulnerabilities found in version 9.2.6

Publify Improper Input Validation vulnerability

critical severity CVE-2023-0299
critical severity CVE-2023-0299
Patched versions: >= 9.2.10

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

Integer overflow in publify_core

critical severity CVE-2022-1812
critical severity CVE-2022-1812
Patched versions: >= 9.2.10

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.

Cross site scripting in publify

high severity CVE-2022-1811
high severity CVE-2022-1811
Patched versions: >= 9.2.9

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained.

Publify contains Weak Password Requirements

medium severity CVE-2023-0569
medium severity CVE-2023-0569
Patched versions: >= 9.2.10

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

Publify Core does not strip metadata from images

medium severity CVE-2022-2815
medium severity CVE-2022-2815
Patched versions: >= 9.2.10

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

Improper Access Control in publify

medium severity CVE-2022-1810
medium severity CVE-2022-1810
Patched versions: >= 9.2.9

A low-privileged user can modify and delete admin articles just by changing the value of the article[id] parameter prior to 9.2.9.

Article metadata exposure in publify

medium severity CVE-2022-1553
medium severity CVE-2022-1553
Patched versions: >= 9.2.8

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.

Code injection in publify

medium severity CVE-2022-0578
medium severity CVE-2022-0578
Patched versions: >= 9.2.8

Code Injection in GitHub repository publify/publify prior to 9.2.8.

Incorrect Authorization in publify

medium severity CVE-2022-0574
medium severity CVE-2022-0574
Patched versions: >= 9.2.8

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.

Business Logic Errors in Publify

medium severity CVE-2022-0524
medium severity CVE-2022-0524
Patched versions: >= 9.2.7

Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.