Lucene search
Veracode Vulnerability DatabaseVERACODE:34696HistoryMar 15, 2022 - 11:14 a.m.
Information Disclosure
2022-03-1511:14:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22
sylius
information disclosure
remote attackers
user data
sensitive information
EPSS
0.001
Percentile
32.0%
sylius/sylius is vulnerable to information disclosure. Remote unauthenticated attackers are able to view the user data if browser tab remains unclosed after log out, resulting in disclosure of sensitive information.
References
github.com/Sylius/Sylius/commit/253f66b9abfc9897d343153e18d516c6364cfe13
github.com/Sylius/Sylius/pull/13765
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/releases/tag/v1.9.10
github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p
Related
cvelist
cvelist
github
github
Sensitive Information Exposure in Sylius
2022-03-14 22:26:58
cve
cve
CVE-2022-24742
2022-03-14 20:15:08
osv
osv
Sensitive Information Exposure in Sylius
2022-03-14 22:26:58
CVE-2022-24742
2022-03-14 20:15:08
prion
prion
Design/Logic Flaw
2022-03-14 20:15:00
cnvd
cnvd
Sylius Information Disclosure Vulnerability (CNVD-2022-20525)
2022-03-16 00:00:00
nvd
nvd
CVE-2022-24742
2022-03-14 20:15:08