GHSA-w7r7-r8r9-vrg2

Suggest an improvement
Source
https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-w7r7-r8r9-vrg2/GHSA-w7r7-r8r9-vrg2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-w7r7-r8r9-vrg2
Aliases
Published
2019-11-12T23:01:39Z
Modified
2024-02-17T05:35:20.201132Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Session fixation in change password form
Details

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-384"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-12T22:50:24Z"
}
References

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.7.0
Fixed
3.7.4

Affected versions

3.*

3.7.0
3.7.1-rc1
3.7.1
3.7.2
3.7.3

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.6.0
Fixed
3.6.8

Affected versions

3.*

3.6.0
3.6.1-alpha2
3.6.1
3.6.2-beta1
3.6.2-beta2
3.6.2
3.6.3-rc2
3.6.3
3.6.4
3.6.5
3.6.6-rc1
3.6.6
3.6.7

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.3.5

Affected versions

4.*

4.0.0
4.0.1-rc1
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0-rc1
4.1.0-rc2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.2.0-beta1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0-rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4