RubyGems package
publify_core
pkg:gem/publify_core
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39311 | — | < 10.0.2 | 10.0.2 | Mar 28, 2025 | Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator | ||
| CVE-2023-0569 | — | < 9.2.10 | 9.2.10 | Jan 29, 2023 | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | ||
| CVE-2023-0299 | — | < 9.2.10 | 9.2.10 | Jan 14, 2023 | Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | ||
| CVE-2022-2815 | — | < 9.2.10 | 9.2.10 | Jan 14, 2023 | Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | ||
| CVE-2022-1812 | — | < 9.2.10 | 9.2.10 | Jan 14, 2023 | Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | ||
| CVE-2022-1811 | — | < 9.2.9 | 9.2.9 | May 23, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | ||
| CVE-2022-1810 | — | < 9.2.9 | 9.2.9 | May 23, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | ||
| CVE-2022-1553 | — | < 9.2.8 | 9.2.8 | May 16, 2022 | Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidenti | ||
| CVE-2022-0578 | — | < 9.2.8 | 9.2.8 | May 16, 2022 | Code Injection in GitHub repository publify/publify prior to 9.2.8. | ||
| CVE-2022-0574 | — | < 9.2.8 | 9.2.8 | May 16, 2022 | Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||
| CVE-2022-0524 | — | < 9.2.7 | 9.2.7 | Feb 8, 2022 | Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | ||
| CVE-2021-25975 | — | >= 8.0, < 9.2.5 | 9.2.5 | Nov 10, 2021 | In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | ||
| CVE-2021-25974 | — | >= 8.0, < 9.2.5 | 9.2.5 | Nov 10, 2021 | In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | ||
| CVE-2021-25973 | — | >= 9.0.0.pre1, < 9.2.5 | 9.2.5 | Nov 2, 2021 | In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | ||
| CVE-2014-3211 | — | < 8.0.1 | 8.0.1 | Jan 9, 2020 | Publify before 8.0.1 is vulnerable to a Denial of Service attack |
- CVE-2024-39311Mar 28, 2025affected < 10.0.2fixed 10.0.2
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator
- CVE-2023-0569Jan 29, 2023affected < 9.2.10fixed 9.2.10
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
- CVE-2023-0299Jan 14, 2023affected < 9.2.10fixed 9.2.10
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
- CVE-2022-2815Jan 14, 2023affected < 9.2.10fixed 9.2.10
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
- CVE-2022-1812Jan 14, 2023affected < 9.2.10fixed 9.2.10
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
- CVE-2022-1811May 23, 2022affected < 9.2.9fixed 9.2.9
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
- CVE-2022-1810May 23, 2022affected < 9.2.9fixed 9.2.9
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
- CVE-2022-1553May 16, 2022affected < 9.2.8fixed 9.2.8
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidenti
- CVE-2022-0578May 16, 2022affected < 9.2.8fixed 9.2.8
Code Injection in GitHub repository publify/publify prior to 9.2.8.
- CVE-2022-0574May 16, 2022affected < 9.2.8fixed 9.2.8
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
- CVE-2022-0524Feb 8, 2022affected < 9.2.7fixed 9.2.7
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
- CVE-2021-25975Nov 10, 2021affected >= 8.0, < 9.2.5fixed 9.2.5
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.
- CVE-2021-25974Nov 10, 2021affected >= 8.0, < 9.2.5fixed 9.2.5
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
- CVE-2021-25973Nov 2, 2021affected >= 9.0.0.pre1, < 9.2.5fixed 9.2.5
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
- CVE-2014-3211Jan 9, 2020affected < 8.0.1fixed 8.0.1
Publify before 8.0.1 is vulnerable to a Denial of Service attack