sylius/sylius is vulnerable to session fixation through a reusable password-reset token. The reset token is not set to null after the password has been changed, so it stays valid until it expires on its own. An attacker who obtains a token can therefore change the account password without the owner's permission, and the same token can be used many times rather than once. The token is invalidated after a successful reset in versions 1.10.11 and 1.11.2.
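The following is an added example, not Sylius code, written to show the defect described above in isolation: a minimal password-reset handler that validates the token but never clears it, beside one that consumes the token on success. The `User` class, the function names, and the one-hour validity window are assumptions for the example only.

```php
<?php
declare(strict_types=1);

// Added example, not Sylius code: a minimal password-reset flow showing why a
// reset token must be invalidated once it has been used. The class, function
// names and the token TTL below are hypothetical.

final class User
{
    public string $passwordHash;
    public ?string $passwordResetToken = null;
    public ?DateTimeImmutable $passwordRequestedAt = null;

    public function __construct(string $initialPassword)
    {
        $this->passwordHash = password_hash($initialPassword, PASSWORD_DEFAULT);
    }
}

// Assumed validity window for a reset token (ISO 8601 duration).
const RESET_TOKEN_TTL = 'PT1H';

// Issue a fresh token; this is the value the reset e-mail link would carry.
function requestPasswordReset(User $user): string
{
    $user->passwordResetToken = bin2hex(random_bytes(32));
    $user->passwordRequestedAt = new DateTimeImmutable();
    return $user->passwordResetToken;
}

// Token check shared by both handlers: present, matching (constant-time
// comparison) and not older than the TTL.
function tokenIsValid(User $user, string $token): bool
{
    if ($user->passwordResetToken === null || $user->passwordRequestedAt === null) {
        return false;
    }
    $expiresAt = $user->passwordRequestedAt->add(new DateInterval(RESET_TOKEN_TTL));
    return hash_equals($user->passwordResetToken, $token)
        && new DateTimeImmutable() < $expiresAt;
}

// Vulnerable pattern: the token is verified but never cleared, so the same
// token keeps working for every request until the TTL runs out.
function resetPasswordVulnerable(User $user, string $token, string $newPassword): bool
{
    if (!tokenIsValid($user, $token)) {
        return false;
    }
    $user->passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Hardened pattern: a successful reset consumes the token and its timestamp,
// so a second request carrying the same token fails the validity check.
function resetPasswordFixed(User $user, string $token, string $newPassword): bool
{
    if (!tokenIsValid($user, $token)) {
        return false;
    }
    $user->passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
    $user->passwordResetToken = null;
    $user->passwordRequestedAt = null;
    return true;
}

// Demonstration with a constructed user: the token is replayed once against
// each handler after a legitimate reset has already consumed it.
$victim = new User('original-secret');
$token = requestPasswordReset($victim);
var_dump(resetPasswordVulnerable($victim, $token, 'legit-new-password')); // legitimate reset
var_dump(resetPasswordVulnerable($victim, $token, 'attacker-password'));  // same token replayed
var_dump(password_verify('attacker-password', $victim->passwordHash));    // which password is active?

$victim = new User('original-secret');
$token = requestPasswordReset($victim);
var_dump(resetPasswordFixed($victim, $token, 'legit-new-password'));      // legitimate reset
var_dump(resetPasswordFixed($victim, $token, 'attacker-password'));       // same token replayed
var_dump(password_verify('legit-new-password', $victim->passwordHash));   // which password is active?
```

Run with `php example.php`. Against the vulnerable handler the replayed token is accepted and the attacker's password ends up on the account; against the fixed handler the replay is rejected and the legitimate password remains. Clearing `passwordRequestedAt` together with the token matters because an expiry check alone (as in the vulnerable handler) still leaves the token usable for the whole TTL after the first reset.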
CPE (affected version ranges; fixed in v1.10.11 and v1.11.2):

Name | Operator | Version
---|---|---
sylius/sylius | le | v1.10.10
sylius/sylius | le | v1.11.1
github.com/Sylius/Sylius/commit/8f3a08a50a573be285e1e99c7dd1a147108c835a
github.com/Sylius/Sylius/commit/bd1de40d0460985b7a25ce8688c085956ffcf7c6
github.com/Sylius/Sylius/pull/13766
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g