CKAN is vulnerable to arbitrary code execution. The vulnerability exists in the user_create function in create.py because the existing user ID is not properly validated, which allows an attacker to take over an existing account and execute malicious code on the system.
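
A simplified model of the flaw class described above, added here as an illustration; it is not CKAN's code. UserStore, create_unsafe, create_checked and the rule that only a sysadmin may supply an id are hypothetical names and assumptions, and the sample records are constructed.

```python
import uuid


class UserStore:
    """In-memory stand-in for a user table keyed by id (constructed sample)."""

    def __init__(self):
        self.users = {}

    def create_unsafe(self, data):
        # Flaw: a caller-supplied id is trusted, so an id that already
        # exists silently replaces that account's record.
        user_id = data.get("id") or str(uuid.uuid4())
        self.users[user_id] = {"name": data["name"], "pw_hash": data["pw_hash"]}
        return user_id

    def create_checked(self, data, is_sysadmin=False):
        # Hardened (assumed policy): only a privileged caller may choose an
        # id, and an id that is already in use is always rejected.
        supplied = data.get("id")
        if supplied is not None:
            if not is_sysadmin:
                raise PermissionError("id may not be set by this caller")
            if supplied in self.users:
                raise ValueError("id already exists")
        user_id = supplied or str(uuid.uuid4())
        self.users[user_id] = {"name": data["name"], "pw_hash": data["pw_hash"]}
        return user_id


def demo():
    """Return the name stored under the existing id after each create path."""
    results = []
    for method in ("create_unsafe", "create_checked"):
        store = UserStore()
        store.users["u-1"] = {"name": "alice", "pw_hash": "hash-a"}
        request = {"id": "u-1", "name": "mallory", "pw_hash": "hash-m"}
        try:
            getattr(store, method)(request)
        except (PermissionError, ValueError):
            pass  # the checked path refuses the request
        results.append(store.users["u-1"]["name"])
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```
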
ckan.org/
ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
docs.ckan.org/en/2.9/changelog.html#v-2-9-7-2022-10-26
github.com/advisories/GHSA-m2xp-jxfg-qq6g
github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa