[islandora/islandora] Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository

Impact

This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.

Patches

Upgrade immediately to the latest release of Islandora.

Workarounds

In lieu of an upgrade the following module can be leveraged that will resolve the issue until such a time an upgrade can take place.

For more information

If you have any questions or comments about this advisory:

• Open an issue in Islandora
• Contact community@islandora.ca.

References

• https://github.com/Islandora/islandora/security/advisories/GHSA-m58q-qq5h-mgqq
• https://github.com/Islandora/islandora/commit/573d6878edf057987f1e41e5068de0074573e4c7
• https://github.com/Islandora/islandora/releases/tag/2.4.1
• https://github.com/advisories/GHSA-m58q-qq5h-mgqq