GHSA-2xpm-cmvw-3jcc

Опубликовано: 16 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.8

Описание

Reflected XSS in Application Logger module

Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14606.patch manually.

References

https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/

Ссылки

https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc
https://nvd.nist.gov/vuln/detail/CVE-2023-1312
https://github.com/pimcore/pimcore/pull/14606
https://github.com/pimcore/pimcore/pull/14606.patch
https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356

Пакеты

Наименование

pimcore/pimcore

composer

Затронутые версииВерсия исправления

< 10.5.19

10.5.19

4.8 Medium

CVSS3

Дефекты

CWE-79

4.8 Medium

CVSS3

Дефекты

CWE-79