EPSS Percentile: 71.5%
contao/core-bundle contains insecure session management. Old opt-in tokens are not invalidated when a new token is confirmed.
contao.org/en/changelog/versions/4.7.html
contao.org/en/news.html
contao.org/en/news/security-vulnerability-cve-2019-10643.html