Lucene search
Veracode Vulnerability DatabaseVERACODE:34686HistoryMar 15, 2022 - 5:10 a.m.
Session Fixation
2022-03-1505:10:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
sylius
session fixation
vulnerability
password reset
EPSS
0.001
Percentile
42.8%
sylius/sylius is vulnerable to session fixation. The vulnerability exists because the reset password token does not reset to null after the password has been changed, allowing an attacker to change the password without permission and use the same token many times.
References
github.com/Sylius/Sylius/commit/8f3a08a50a573be285e1e99c7dd1a147108c835a
github.com/Sylius/Sylius/commit/bd1de40d0460985b7a25ce8688c085956ffcf7c6
github.com/Sylius/Sylius/pull/13766
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g
Related
nvd
nvd
CVE-2022-24743
2022-03-14 21:15:07
cvelist
cvelist
CVE-2022-24743 Insufficient Session Expiration in Sylius
2022-03-14 21:00:14
prion
prion
Default credentials
2022-03-14 21:15:00
github
github
Insufficient Session Expiration in Sylius
2022-03-14 22:30:46
osv
osv
Insufficient Session Expiration in Sylius
2022-03-14 22:30:46
CVE-2022-24743
2022-03-14 21:15:07
cnvd
cnvd
Sylius code issue vulnerability
2022-03-16 00:00:00
cve
cve
CVE-2022-24743
2022-03-14 21:15:07