Latest okfn ckan Vulnerabilities

CVE-2023-50248
CKAN out of memory error when submitting the dataset form with a specially-crafted field
pip/ckan>=2.10.0<2.10.3
pip/ckan>=2.0<2.9.10
Okfn Ckan>=2.0<2.9.10
Okfn Ckan>=2.10.0<2.10.3
CVE-2023-32696
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files i...
Okfn Ckan<2.9.9
Okfn Ckan=2.10.0
CVE-2023-32321
Specific vulnerabilities: * Arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `p...
Okfn Ckan>=2.9.0<2.9.9
Okfn Ckan=2.10.0
CVE-2022-43685
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser account...
Okfn Ckan<2.8.12
Okfn Ckan>=2.9.0<2.9.7
CVE-2021-25967
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in th...
Okfn Ckan>=2.9.0<=2.9.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203