Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12cHE5LWM2N3EtMjNmcc4AAYvw

Fastly Magento2 sensitive information disclosure

The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.

Permalink: https://github.com/advisories/GHSA-vpq9-c67q-23fq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cHE5LWM2N3EtMjNmcc4AAYvw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 24 days ago


CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-vpq9-c67q-23fq, CVE-2017-13761
References:
Blast Radius: 6.8

Affected Packages

packagist:fastly/magento2
Dependent packages: 1
Dependent repositories: 11
Downloads: 2,803,345 total
Affected Version Ranges: < 1.2.26
Fixed in: 1.2.26
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.2.22, 1.2.23, 1.2.24, 1.2.25
All unaffected versions: 1.2.26, 1.2.27, 1.2.28, 1.2.29, 1.2.30, 1.2.31, 1.2.32, 1.2.33, 1.2.34, 1.2.35, 1.2.36, 1.2.37, 1.2.38, 1.2.39, 1.2.40, 1.2.41, 1.2.42, 1.2.43, 1.2.44, 1.2.45, 1.2.46, 1.2.47, 1.2.48, 1.2.49, 1.2.50, 1.2.51, 1.2.52, 1.2.53, 1.2.54, 1.2.55, 1.2.56, 1.2.57, 1.2.58, 1.2.59, 1.2.60, 1.2.61, 1.2.62, 1.2.63, 1.2.64, 1.2.65, 1.2.66, 1.2.67, 1.2.68, 1.2.69, 1.2.70, 1.2.71, 1.2.72, 1.2.73, 1.2.74, 1.2.75, 1.2.76, 1.2.77, 1.2.78, 1.2.79, 1.2.80, 1.2.81, 1.2.82, 1.2.83, 1.2.84, 1.2.85, 1.2.86, 1.2.87, 1.2.88, 1.2.89, 1.2.90, 1.2.91, 1.2.92, 1.2.93, 1.2.94, 1.2.95, 1.2.96, 1.2.97, 1.2.98, 1.2.99, 1.2.100, 1.2.101, 1.2.102, 1.2.103, 1.2.104, 1.2.105, 1.2.106, 1.2.107, 1.2.108, 1.2.109, 1.2.110, 1.2.111, 1.2.112, 1.2.113, 1.2.114, 1.2.115, 1.2.116, 1.2.117, 1.2.118, 1.2.119, 1.2.120, 1.2.121, 1.2.122, 1.2.123, 1.2.124, 1.2.125, 1.2.126, 1.2.127, 1.2.128, 1.2.129, 1.2.130, 1.2.131, 1.2.132, 1.2.133, 1.2.134, 1.2.135, 1.2.136, 1.2.137, 1.2.138, 1.2.139, 1.2.140, 1.2.141, 1.2.142, 1.2.144, 1.2.145, 1.2.146, 1.2.147, 1.2.148, 1.2.149, 1.2.150, 1.2.151, 1.2.152, 1.2.153, 1.2.154, 1.2.155, 1.2.156, 1.2.157, 1.2.158, 1.2.159, 1.2.160, 1.2.161, 1.2.162, 1.2.163, 1.2.164, 1.2.165, 1.2.166, 1.2.167, 1.2.168, 1.2.169, 1.2.170, 1.2.171, 1.2.172, 1.2.173, 1.2.174, 1.2.175, 1.2.176, 1.2.177, 1.2.178, 1.2.179, 1.2.180, 1.2.181, 1.2.182, 1.2.183, 1.2.184, 1.2.185, 1.2.186, 1.2.187, 1.2.188, 1.2.189, 1.2.190, 1.2.191, 1.2.192, 1.2.193, 1.2.194, 1.2.195, 1.2.196, 1.2.197, 1.2.198, 1.2.199, 1.2.200, 1.2.201, 1.2.202, 1.2.203, 1.2.204, 1.2.205, 1.2.206, 1.2.207, 1.2.208, 1.2.210, 1.2.211, 1.2.212, 1.2.213, 1.2.214, 1.2.215, 1.2.216, 1.2.217