Moderate severityNVD Advisory· Published Nov 2, 2021· Updated Apr 30, 2025
Publify - Improper Authorization Leads to Guest Signup Restriction Bypass
CVE-2021-25973
Description
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
publify_coreRubyGems | >= 9.0.0.pre1, < 9.2.5 | 9.2.5 |
Affected products
3- osv-coords2 versions
>= 9.0.0, < 9.2.4+ 1 more
- (no CPE)range: >= 9.0.0, < 9.2.4
- (no CPE)range: >= 9.0.0.pre1, < 9.2.5
- publify_core/publify_corev5Range: 9.0.0.pre1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x24j-87x9-jvv5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25973ghsaADVISORY
- github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387eghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2021-25973.ymlghsaWEB
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.