ezsystems and ibexa/core are vulnerable to Timing Attacks. The vulnerability exists because the library uses random execution time to hinder timing attacks against user accounts which allows a remote attacker to discover whether a given account exists in a system without knowing its password, resulting in sensitive user information disclosure.
developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
github.com/advisories/GHSA-66m4-gc8h-hpjx
github.com/ezsystems/ezplatform-kernel/commit/09d3ee4c36ce22f75d5ec3f22edf3d74eb158211
github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
github.com/ezsystems/ezpublish-kernel/commit/913fe17281536a91437d94e8267181ae8b57f5d5
github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
github.com/ibexa/core/commit/ba1ca5aaa50e0eb023d9d52bd273ef1680cc840c
github.com/ibexa/core/commit/bdc3b83501da13c9f8d1754e4bb531a976dc18e2