See on RubyGems

publify_core 9.2.8

7 security vulnerabilities found in version 9.2.8

Publify Improper Input Validation vulnerability

critical severity CVE-2023-0299
critical severity CVE-2023-0299
Patched versions: >= 9.2.10

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

Integer overflow in publify_core

critical severity CVE-2022-1812
critical severity CVE-2022-1812
Patched versions: >= 9.2.10

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.

Cross site scripting in publify

high severity CVE-2022-1811
high severity CVE-2022-1811
Patched versions: >= 9.2.9

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained.

Publify contains Weak Password Requirements

medium severity CVE-2023-0569
medium severity CVE-2023-0569
Patched versions: >= 9.2.10

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

Publify Core does not strip metadata from images

medium severity CVE-2022-2815
medium severity CVE-2022-2815
Patched versions: >= 9.2.10

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

Improper Access Control in publify

medium severity CVE-2022-1810
medium severity CVE-2022-1810
Patched versions: >= 9.2.9

A low-privileged user can modify and delete admin articles just by changing the value of the article[id] parameter prior to 9.2.9.

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

low severity CVE-2024-39311
low severity CVE-2024-39311
Patched versions: >= 10.0.2

Summary

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality.

Details

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link.

We can create a redirect to a javascript:alert() URL. Whilst the redirect itself doesn't work, on the administrative panel, an a tag is created with the payload as the URI. Upon clicking this link, the XSS is triggered.

An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link.

Impact

A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator."

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.