Description
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
Exploit, Patch, Third Party Advisory
https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb
Scores
CVSS v3
4.3
EPSS
0.0008
EPSS Percentile
23.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-639
Status
published
Products (2)
publify_project/publify
< 9.2.9
rubygems/publify_core
0 - 9.2.9RubyGems
Published
May 23, 2022
Tracked Since
Feb 18, 2026