Description
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains open after logout. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content.
Vulnerable configurations
Configuration 1
One of
- cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* (versions before 1.9.10, exclusive)
- cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* (versions from 1.10.0, inclusive, to 1.10.11, exclusive)
- cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* (versions from 1.11.0, inclusive, to 1.11.2, exclusive)
EPSS
Percentile: 57%
0.00353
Low
CVSS3: 5 Medium
CVSS3: 5.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-200
CWE-668