GHSA-39j2-4p9j-5w4j: Ez Platform Object Injection in legacy shop module

May 15, 2024

This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, that’s why it was classified as Medium severity.

References

ezplatform.com/security-advisories/ibexa-sa-2020-006-object-injection-in-legacy-shop-module
github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2020-10-05-1.yaml
github.com/advisories/GHSA-39j2-4p9j-5w4j
github.com/ezsystems/ezpublish-legacy

Code Behaviors & Features

Detect and mitigate GHSA-39j2-4p9j-5w4j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →