If remember me is on and users log in with the box checked, if the developer then disabled “remember me” function, any pre-existing cookies will continue to authenticate users.
Vendor | Product | Version | CPE |
---|---|---|---|
silverstripe | framework | * | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-5r8w-66hq-rc39
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml
github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822
github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e
github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f
github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6
www.silverstripe.org/download/security-releases/ss-2016-014