VYPR
Moderate severityNVD Advisory· Published Nov 2, 2021· Updated Apr 30, 2025

Publify - Improper Authorization Leads to Guest Signup Restriction Bypass

CVE-2021-25973

Description

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
publify_coreRubyGems
>= 9.0.0.pre1, < 9.2.59.2.5

Affected products

3
  • osv-coords2 versions
    >= 9.0.0, < 9.2.4+ 1 more
    • (no CPE)range: >= 9.0.0, < 9.2.4
    • (no CPE)range: >= 9.0.0.pre1, < 9.2.5
  • publify_core/publify_corev5
    Range: 9.0.0.pre1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.