publify_core 9.2.7
Publify Improper Input Validation vulnerability
critical severity CVE-2023-0299>= 9.2.10
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
Integer overflow in publify_core
critical severity CVE-2022-1812>= 9.2.10
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.
Cross site scripting in publify
high severity CVE-2022-1811>= 9.2.9
Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained.
Publify contains Weak Password Requirements
medium severity CVE-2023-0569>= 9.2.10
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
Publify Core does not strip metadata from images
medium severity CVE-2022-2815>= 9.2.10
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
Improper Access Control in publify
medium severity CVE-2022-1810>= 9.2.9
A low-privileged user can modify and delete admin articles just by changing the value of the article[id] parameter prior to 9.2.9.
Article metadata exposure in publify
medium severity CVE-2022-1553>= 9.2.8
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.
Code injection in publify
medium severity CVE-2022-0578>= 9.2.8
Code Injection in GitHub repository publify/publify prior to 9.2.8.
Incorrect Authorization in publify
medium severity CVE-2022-0574>= 9.2.8
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.