CVE-2022-2815
MEDIUM6.5EPSS 0.10%Publify Core does not strip metadata from images
發布日:2023/1/14修改日:2024/3/6
描述
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
受影響套件(2)
- Bitnami/publifyfrom 0, < 9.2.10
- RubyGems/publify_corefrom 0, < 9.2.10
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2815
- PATCHhttps://github.com/publify/publify
- WEBhttps://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd
- WEBhttps://github.com/publify/publify_core/commit/33f897c12b6efdcdfd8cf9df924deba0f878b71e
- WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-2815.yml
- WEBhttps://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4