Lucene search
Veracode Vulnerability DatabaseVERACODE:34696HistoryMar 15, 2022 - 11:14 a.m.
Information Disclosure
2022-03-1511:14:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
0.001 Low
EPSS
Percentile
32.0%
sylius/sylius is vulnerable to information disclosure. Remote unauthenticated attackers are able to view the user data if browser tab remains unclosed after log out, resulting in disclosure of sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sylius/sylius | le | v1.10.10 | |
| sylius/sylius | le | v1.11.1 | |
| sylius/sylius | le | v1.9.9 | |
| sylius/sylius | le | v1.10.10 | |
| sylius/sylius | le | v1.11.1 | |
| sylius/sylius | le | v1.9.9 |
References
github.com/Sylius/Sylius/commit/253f66b9abfc9897d343153e18d516c6364cfe13
github.com/Sylius/Sylius/pull/13765
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/releases/tag/v1.9.10
github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p
Related
cvelist
cvelist
github
github
Sensitive Information Exposure in Sylius
2022-03-14 22:26:58
osv
osv
CVE-2022-24742
2022-03-14 20:15:08
Sensitive Information Exposure in Sylius
2022-03-14 22:26:58
cve
cve
CVE-2022-24742
2022-03-14 20:15:08
prion
prion
Design/Logic Flaw
2022-03-14 20:15:00
nvd
nvd
CVE-2022-24742
2022-03-14 20:15:08
cnvd
cnvd
Sylius Information Disclosure Vulnerability (CNVD-2022-20525)
2022-03-16 00:00:00