Skip to content

Any storage file can be downloaded from p.sh if full server path is known

High
glye published GHSA-gqcf-83rq-gpfr Sep 14, 2021

Package

composer ibexa/post-install (Composer)

Affected versions

v1.0.4

Patched versions

v1.0.4.1

Description

https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs