CVE-2021-3818 – getgrav/grav
Package
Manager: composer
Name: getgrav/grav
Vulnerable Version: >=0 <1.7.21
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00294 (percentile 0.52296)
Details
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.
Metadata
Created: 2021-09-29T17:12:51Z
Modified: 2021-09-28T20:32:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-cg3q-59w7-rvc2/GHSA-cg3q-59w7-rvc2.json
CWE IDs: ["CWE-565"]
Alternative ID: GHSA-cg3q-59w7-rvc2
Finding: F042
Auto approve: 1