grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.
{ "nvd_published_at": "2021-09-27T13:15:00Z", "github_reviewed_at": "2021-09-28T20:32:37Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-565" ] }