GHSA-5r8w-66hq-rc39 – silverstripe/framework
Package
Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=3.1.19-rc1 <3.1.20 || >=3.2.4-rc1 <3.2.5 || >=3.3.2-rc1 <3.3.3 || >=3.4.0-rc1 <3.4.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled.
If "remember me" is on and users log in with the box checked, and the developer then disables the "remember me" function, any pre-existing cookies will continue to authenticate users.
Metadata
Created: 2024-05-27T18:53:40Z
Modified: 2024-05-27T18:53:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-5r8w-66hq-rc39/GHSA-5r8w-66hq-rc39.json
CWE IDs: ["CWE-613"]
Alternative ID: N/A
Finding: F280
Auto approve: 1