GHSA-cg3q-59w7-rvc2

Suggest an improvement
Source
https://github.com/advisories/GHSA-cg3q-59w7-rvc2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-cg3q-59w7-rvc2/GHSA-cg3q-59w7-rvc2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-cg3q-59w7-rvc2
Aliases
Published
2021-09-29T17:12:51Z
Modified
2023-11-01T04:55:57.300164Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
Details

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.

Database specific
{
    "nvd_published_at": "2021-09-27T13:15:00Z",
    "github_reviewed_at": "2021-09-28T20:32:37Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-565"
    ]
}
References

Affected packages

Packagist / getgrav/grav

Package

Name
getgrav/grav
Purl
pkg:composer/getgrav/grav

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.21

Affected versions

0.*

0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.18
0.9.19
0.9.20
0.9.21
0.9.22
0.9.23
0.9.24
0.9.25
0.9.26
0.9.27
0.9.28
0.9.29
0.9.30
0.9.31
0.9.32
0.9.33
0.9.34
0.9.35
0.9.36
0.9.37
0.9.38
0.9.39
0.9.40
0.9.41
0.9.42
0.9.43
0.9.44
0.9.45

1.*

1.0.0-rc.1
1.0.0-rc.2
1.0.0-rc.3
1.0.0-rc.4
1.0.0-rc.5
1.0.0-rc.6
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.1.0-beta.1
1.1.0-beta.2
1.1.0-beta.3
1.1.0-beta.4
1.1.0-beta.5
1.1.0-rc.1
1.1.0-rc.2
1.1.0-rc.3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9-rc.1
1.1.9-rc.2
1.1.9-rc.3
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.2.0-rc.1
1.2.0-rc.2
1.2.0-rc.3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0-rc.1
1.3.0-rc.2
1.3.0-rc.3
1.3.0-rc.4
1.3.0-rc.5
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.4.0-beta.1
1.4.0-beta.2
1.4.0-beta.3
1.4.0-rc.1
1.4.0-rc.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.5.0-beta.1
1.5.0-beta.2
1.5.0-rc.1
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.6.0-beta.1
1.6.0-beta.2
1.6.0-beta.3
1.6.0-beta.4
1.6.0-beta.5
1.6.0-beta.6
1.6.0-beta.7
1.6.0-beta.8
1.6.0-rc.1
1.6.0-rc.2
1.6.0-rc.3
1.6.0-rc.4
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.30
1.6.31
1.7.0-beta.1
1.7.0-beta.2
1.7.0-beta.3
1.7.0-beta.4
1.7.0-beta.5
1.7.0-beta.6
1.7.0-beta.7
1.7.0-beta.8
1.7.0-beta.9
1.7.0-beta.10
1.7.0-rc.1
1.7.0-rc.2
1.7.0-rc.3
1.7.0-rc.4
1.7.0-rc.5
1.7.0-rc.6
1.7.0-rc.7
1.7.0-rc.8
1.7.0-rc.9
1.7.0-rc.10
1.7.0-rc.11
1.7.0-rc.12
1.7.0-rc.13
1.7.0-rc.14
1.7.0-rc.15
1.7.0-rc.16
1.7.0-rc.17
1.7.0-rc.18
1.7.0-rc.19
1.7.0-rc.20
1.7.0
1.7.1
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.10
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.20