2 matches found
CVE-2022-24742
CVE-2022-24742 affects Sylius open-source eCommerce platforms. Prior to versions 1.9.10, 1.10.11, and 1.11.2, an attacker could view data after logout if the browser tab remains open and the back button is used; the issue is fixed in those versions and later. The available workarounds involve enf...
CVE-2022-24742 Exposure of Sensitive Information Due to Incompatible Policies in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect...