CVE-2022-0578 (publify_core): Code injection in publify

May 17th, 2022

Code injection in publify

Published: May 17, 2022

SECURITY IDENTIFIERS

CVE: CVE-2022-0578 (NVD)
GHSA: GHSA-w78q-4w34-jrjx
Vendor Advisory: https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7

GEM

SEVERITY

CVSS v3.x: 6.5 (Medium)

PATCHED VERSIONS

>= 9.2.8

DESCRIPTION

Code Injection in GitHub repository publify/publify prior to 9.2.8.

RELATED

https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc