Libwebp Vulnerability

Describe the issue or problem
Just wondering if this vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-4863 is affecting our OJS.

Steps I took leading up to the issue
I heard it from a colleague and web search.

What application are you using?
OJS 3.3.0-14.

Additional information
I hope you don’t mind I asked. Thanks!

Hi @dung,

There are one or two image manipulation operations performed within PKP software – e.g. creation of thumbnails of various sizes when cover images are uploaded to submissions. It’s very unlikely that these could be abused but I suppose it’s possible. I wouldn’t lose sleep over it, but updating the underlying tools on the server is the best way to mitigate any risk; these libraries aren’t bundled with OJS itself.

Regards,
Alec Smecher
Public Knowledge Project Team
