This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

Security Advisories

NB: These advisories are being moved to https://ezplatform.com/security-advisories
For a while you will find them in both places, but eventually they will be removed from here.

If you come across a security issue in our products, here is how you can report it to us: https://doc.ezplatform.com/en/latest/guide/reporting_issues/

EZSA-2020-001: Remote code execution in file uploads

Wednesday 19 February 2020 09:20

Severity : High

EZSA-2019-008: Remote code execution in PHP-FPM

Thursday 07 November 2019 12:18

Severity : High

EZSA-2019-007: Prevent accepting app.php in URL in Platform.sh

Monday 02 September 2019 03:10

Severity : Low

EZSA-2019-005: Bundled jQuery affected by CVE-2019-11358

Friday 05 July 2019 10:22

Severity : Medium

EZSA-2019-004: CSRF token in login form is disabled by default

Thursday 27 June 2019 12:43

Severity : High

EZSA-2019-003: XSS in eZFind spellcheck

Thursday 23 May 2019 10:43

Severity : High

EZSA-2019-002: Password reset vulnerability

Tuesday 02 April 2019 02:34

Severity : High

EZSA-2019-001: XSS in Admin UI

Tuesday 12 March 2019 04:23

Severity : High

EZSA-2018-010: Symfony security advisories

Monday 10 December 2018 04:42

Severity : High

EZSA-2018-009: Do not interpret PHP/PHAR uploads

Wednesday 21 November 2018 01:11

Severity : High

EZSA-2018-008: REST API returns list of all SiteAccesses

Tuesday 20 November 2018 03:20

Severity : Medium

EZSA-2018-007: User data disclosure

Tuesday 20 November 2018 02:49

Severity : High

EZSA-2018-006: XSS vulnerability in 'disabled module' error template

Thursday 01 November 2018 11:21

Severity : Medium

EZSA-2018-005: Passwordless login for LDAP users

Wednesday 31 October 2018 01:31

Severity : High

EZSA-2018-004: Symfony security advisories

Thursday 31 May 2018 11:05

Severity : High

EZSA-2018-003: 4-byte UTF-8 in MySQL/MariaDB

Thursday 24 May 2018 04:14

Severity : High

EZSA-2018-002: The files uploaded via packages component are executable

Monday 26 February 2018 04:40

Severity : High

EZSA-2017-006: Information disclosure in backend content tree menu

Thursday 07 September 2017 01:48

Severity : Medium
