CRITICAL 9.8 NuGet

Blogifier does not properly restrict APIs

GHSA-qcx4-gfh8-w5p5 · CVE-2019-12277

Published · Modified

Description

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.

The issue is patched in the 2.4 branch, but 2.5.5 is the lowest available patched version on https://www.nuget.org/packages/Blogifier.Core.
