GHSA-g8pg-33v4-9r96

Опубликовано: 30 мая 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Thelia authentication bypass vulnerability

An authentication bypass was identifed in thelia/thelia project for customer and admin. This vulnerability is present from version 2.1.0-beta1 and is fixed in 2.1.3 and 2.2.0-alpha1.

Ссылки

https://github.com/thelia/thelia/commit/028cfcf507cd8685772e156ec0c860034d407094
https://github.com/FriendsOfPHP/security-advisories/blob/master/thelia/thelia/2015-04-13-1.yaml
https://web.archive.org/web/20160502224630/http://thelia.net/version-2-1-3-with-security-fix

Пакеты

Наименование

thelia/thelia

composer

Затронутые версииВерсия исправления

>= 2.1.0-beta1, < 2.1.3

2.1.3

7.5 High

CVSS3

Дефекты

CWE-287

7.5 High

CVSS3

Дефекты

CWE-287