CVE-2022-48366
Timing attack in eZ Platform Ibexa in packagist/ezsystems/ezplatform-kernel
Identifiers
GHSA-66m4-gc8h-hpjx, CVE-2022-48366
Package Slug
packagist/ezsystems/ezplatform-kernel
Vulnerability
Timing attack in eZ Platform Ibexa
Description
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Affected Versions
All versions starting from 1.3.0 before 1.3.19
Solution
Upgrade to version 1.3.19 or above.
Last Modified
2023-03-16
| source |