EPSS: 0.005 (Low), percentile 75.6%
apostrophe uses insecure session management. The session object does not exist in task requests, allowing a malicious user to hijack logged-in users' sessions recently.
github.com/apostrophecms/apostrophe/commit/c211b211f9f4303a77a307cf41aac9b4ef8d2c7c
github.com/apostrophecms/apostrophe/pull/3387