GMS-2022-3125: Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository

July 21, 2022

This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.

References

github.com/Islandora/islandora/commit/573d6878edf057987f1e41e5068de0074573e4c7
github.com/Islandora/islandora/releases/tag/2.4.1
github.com/Islandora/islandora/security/advisories/GHSA-m58q-qq5h-mgqq
github.com/advisories/GHSA-m58q-qq5h-mgqq

Code Behaviors & Features

Detect and mitigate GMS-2022-3125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →