High severity · NVD Advisory · Published Feb 8, 2022 · Updated Aug 2, 2024
Business Logic Errors in publify/publify
CVE-2022-0524
Description
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| publify_core (RubyGems) | < 9.2.7 | 9.2.7 |
Affected products
- Range: unspecified
Patches
16fceecadbe8 Fix setting the article password from the Admin
2 files changed · +16 −0
publify_core/app/controllers/admin/content_controller.rb+1 −0 modified@@ -180,6 +180,7 @@ def update_params :body_and_extended, :draft, :extended, + :password, :permalink, :published_at, :text_filter_name,
publify_core/spec/controllers/admin/content_controller_spec.rb+15 −0 modified@@ -160,6 +160,12 @@ def base_article(options = {}) assert_equal 2, new_article.tags.size end + it "creates an article with a password" do + post :create, params: { "article" => base_article(password: "foobar") } + new_article = Article.last + expect(new_article.password).to eq("foobar") + end + it "creates an article with a unique Tag instance named lang:FR" do post :create, params: { "article" => base_article(keywords: "lang:FR") } new_article = Article.last @@ -392,6 +398,15 @@ def base_article(options = {}) expect(article.extended).to eq("bar<!--more-->baz") end + it "allows updating password" do + put :update, params: { "id" => article.id, "article" => { + "password" => "foobar", + } } + assert_response :redirect + article.reload + expect(article.password).to eq("foobar") + end + context "when a published article has drafts" do let(:original_published_at) { 2.days.ago.to_date } let!(:original) { create(:article, published_at: original_published_at) }
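Review bot: in publify_core/app/controllers/admin/content_controller.rb, the permit list in `update_params` gains `:password`, but nothing in the change stops the next admin form field from being dropped the same way, since strong parameters discard unpermitted keys without an error by default. Consider setting `config.action_controller.action_on_unpermitted_parameters = :raise` in the test environment so a form field missing from this list fails a spec instead of leaving an article the admin believes is protected without its password.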
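Review bot: in the first spec hunk (`creates an article with a password`), `expect(new_article.password).to eq("foobar")` only checks that the attribute was persisted and reads back as the submitted string; it does not check that the article is actually gated. Add a spec at the reader-facing level asserting that the article body is not served without the password, so the test covers the protection the admin field is meant to provide and not only the parameter plumbing.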
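Review bot: in the second spec hunk (`allows updating password`), only the case of setting a password on update is covered. Add cases for an update that omits the `"password"` key (the existing password should be left intact) and for an update that submits a blank password, stating in the spec whether that is meant to remove protection, since both paths now pass through the permitted `:password` key.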
References
- github.com/advisories/GHSA-x3rq-r3cm-5vc4 (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-0524 (ADVISORY)
- github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5 (WEB)
- github.com/publify/publify/pull/1044 (WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-0524.yml (WEB)
- huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d (WEB)