GHSA-66m4-gc8h-hpjx, CVE-2022-48366
packagist/ezsystems/ezpublish-kernel
Timing attack in eZ Platform Ibexa
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
All versions starting from 7.5.0 before 7.5.29
Upgrade to version 7.5.29 or above.
2023-03-16
source |