GHSA-47vg-483w-hp3m

Source

https://github.com/advisories/GHSA-47vg-483w-hp3m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47vg-483w-hp3m/GHSA-47vg-483w-hp3m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-47vg-483w-hp3m

Aliases

CVE-2022-1849

Published

2022-05-25T00:00:31Z

Modified

2023-11-08T04:07:51.578474Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Improper user session handling in filegator

Details

FileGator prior to version 7.8.0 is vulnerable to session fixation.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-384"
    ],
    "github_reviewed_at": "2022-05-25T22:44:17Z",
    "nvd_published_at": "2022-05-24T16:15:00Z"
}

References

Affected packages

Packagist / filegator/filegator

Package

Name: filegator/filegator
Purl: pkg:composer/filegator/filegator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.8.0

Affected versions

v7.*

v7.0.0-RC1

v7.0.0-RC2

v7.0.0-RC3

v7.0.0

v7.0.1

v7.1.0

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.2.0

v7.2.1

v7.3.0

v7.3.1

v7.3.2

v7.3.3

v7.3.4

v7.3.5

v7.4.0

v7.4.1

v7.4.2

v7.4.3

v7.4.4

v7.4.5

v7.4.6

v7.4.7

v7.5.0

v7.5.1

v7.5.2

v7.5.3

v7.6.0

v7.7.0

v7.7.1

v7.7.2