GHSA-5r8w-66hq-rc39

Source
https://github.com/advisories/GHSA-5r8w-66hq-rc39
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-5r8w-66hq-rc39/GHSA-5r8w-66hq-rc39.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5r8w-66hq-rc39
Published
2024-05-27T18:53:40Z
Modified
2024-12-02T05:26:33.015789Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Details

If "remember me" is on and users log in with the box checked, and the developer then disables the "remember me" function, any pre-existing cookies will continue to authenticate users.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-613"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-27T18:53:40Z"
}
References

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.19-rc1
Fixed
3.1.20

Affected versions

3.*

3.1.19-rc1
3.1.19
3.1.20-rc1
3.1.20-rc2

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2.4-rc1
Fixed
3.2.5

Affected versions

3.*

3.2.4-rc1
3.2.4
3.2.5-rc1
3.2.5-rc2

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3.2-rc1
Fixed
3.3.3

Affected versions

3.*

3.3.2-rc1
3.3.2
3.3.3-rc1
3.3.3-rc2

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4.0-rc1
Fixed
3.4.1

Affected versions

3.*

3.4.0-rc1
3.4.0
3.4.1-rc1
3.4.1-rc2