CVE-2021-3818

MEDIUM6.3EPSS 0.29%

Reliance on Cookies without Validation and Integrity Checking in getgrav/grav

Published: 9/29/2021Modified: 11/8/2023

Description

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.

Affected packages (1)

Packagist/getgrav/gravfrom 0, < 1.7.21

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References (3)

PATCHhttps://github.com/getgrav/grav
WEBhttps://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
WEBhttps://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea