0.001 Low
EPSS
Percentile
46.9%
october/october is vulnerable to information disclosure. Remote unauthenticated attackers are able to exfiltrate user private keys via non-authoritative gateway servers because the library does not validate gateway server signatures.
github.com/octobercms/october/commit/0fa592ba42eebd3c38621f14c9d9f4588278efab
github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a
github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5
github.com/shoxabbos/october/pull/2