ExpressionEngine 7.5 has been Released! Learn More!

We use cookies to improve your experience. No personal information is gathered and we don't serve ads. Cookies Policy.

ExpressionEngine
Log In Sign Up

ExpressionEngine vulnerability

News and General

melissajc's avatar
melissajc
88 posts
7 months ago
melissajc's avatar melissajc

During a recent audit, this vulnerability came up with respect to Expression Engine with versions prior to 7.2.6. Can you tell me if this can be has been resolved in EE6? We plan to upgrade to 7 soon but I need to respond to the audit committee on this.

https://www.cvedetails.com/vulnerability-list/vendor_id-7662/Expressionengine.html

       
Tom Jaeger's avatar
Tom Jaeger
408 posts
7 months ago
Tom Jaeger's avatar Tom Jaeger

Hi Melissajc,

Thanks for getting in touch about this, as well as the link.

Assuming your referencing CVE-2023-22953, this issue is not (and was not) present in EE 6.x.

Thanks,

-Tom Jaeger

       
melissajc's avatar
melissajc
88 posts
7 months ago
melissajc's avatar melissajc

Thanks Tom. That was the issue I was referencing. I thought my link went right to that, sorry. And thanks for the quick reply.

       
Tom Jaeger's avatar
Tom Jaeger
408 posts
7 months ago
Tom Jaeger's avatar Tom Jaeger

All good! No Problem!

Happy to share more if needed on the specifics as well!

Cheers!

-Tom

       

Reply

Sign In To Reply

ExpressionEngine Home Features Pro Contact Version Support
Learn Docs University Forums
Resources Support Add-Ons Partners Blog
Privacy Terms Trademark Use License

Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.