Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
Permalink: https://github.com/advisories/GHSA-5r8w-66hq-rc39JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 7 months ago
Updated: 7 months ago
CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-5r8w-66hq-rc39
References:
- https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822
- https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e
- https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f
- https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml
- https://www.silverstripe.org/download/security-releases/ss-2016-014
- https://github.com/advisories/GHSA-5r8w-66hq-rc39
Blast Radius: 11.3
Affected Packages
packagist:silverstripe/framework
Dependent packages: 2,391Dependent repositories: 4,288
Downloads: 2,851,967 total
Affected Version Ranges: >= 3.4.0-rc1, < 3.4.1, >= 3.3.2-rc1, < 3.3.3, >= 3.2.4-rc1, < 3.2.5, >= 3.1.19-rc1, < 3.1.20
Fixed in: 3.4.1, 3.3.3, 3.2.5, 3.1.20
All affected versions: 3.1.19, 3.1.19-rc1, 3.2.4, 3.2.4-rc1, 3.3.2, 3.3.2-rc1, 3.4.0, 3.4.0-rc1
All unaffected versions: 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.20, 3.1.21, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.5, 3.2.6, 3.3.0, 3.3.1, 3.3.3, 3.3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 4.10.11, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.11.7, 4.11.8, 4.11.9, 4.11.10, 4.11.11, 4.11.12, 4.11.13, 4.11.14, 4.11.15, 4.11.16, 4.12.0, 4.12.1, 4.12.2, 4.12.3, 4.12.4, 4.12.5, 4.12.6, 4.12.7, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.13.4, 4.13.5, 4.13.6, 4.13.7, 4.13.8, 4.13.9, 4.13.10, 4.13.11, 4.13.12, 4.13.13, 4.13.14, 4.13.15, 4.13.16, 4.13.17, 4.13.18, 4.13.19, 4.13.20, 4.13.21, 4.13.22, 4.13.23, 4.13.24, 4.13.25, 4.13.26, 4.13.27, 4.13.28, 4.13.29, 4.13.30, 4.13.31, 4.13.32, 4.13.33, 4.13.34, 4.13.35, 4.13.36, 4.13.37, 4.13.38, 4.13.39, 4.13.40, 4.13.41, 4.13.42, 4.13.43, 4.13.44, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.2.20, 5.2.21, 5.2.22, 5.3.0, 5.3.1, 5.3.2, 5.3.3