Critical severityNVD Advisory· Published Jan 14, 2023· Updated Apr 7, 2025
Integer Overflow or Wraparound in publify/publify
CVE-2022-1812
Description
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
publify_coreRubyGems | < 9.2.10 | 9.2.10 |
Affected products
1- Range: unspecified
Patches
129a5837c2962Validate length of user's name attribute
2 files changed · +5 −0
publify_core/app/models/user.rb+1 −0 modified@@ -22,6 +22,7 @@ class User < ApplicationRecord validates :email, :login, presence: true validates :login, length: { in: 3..40 } validates_default_string_length :email, :text_filter_name + validates :name, length: { maximum: 2048 } belongs_to :resource, optional: true has_many :notifications, foreign_key: "notify_user_id"
publify_core/spec/models/user_spec.rb+4 −0 modified@@ -49,6 +49,10 @@ expect(user).to validate_length_of(:email).is_at_most(255) end + it "requires name to not be too long" do + expect(user).to validate_length_of(:name).is_at_most(2048) + end + it "requires first name to not be too long" do expect(user).to validate_length_of(:firstname).is_at_most(256) end
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-rc42-jghf-vr8fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1812ghsaADVISORY
- github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41aghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-1812.ymlghsaWEB
- huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3ghsaWEB
News mentions
0No linked articles in our index yet.