CVE-2021-3818

MEDIUM6.3EPSS 0.29%

Reliance on Cookies without Validation and Integrity Checking in getgrav/grav

發布日:2021/9/29修改日:2023/11/8

描述

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability in one application to cause a compromise in another.

受影響套件(1)

Packagist/getgrav/gravfrom 0, < 1.7.21

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

參考連結(3)

PATCHhttps://github.com/getgrav/grav
WEBhttps://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
WEBhttps://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea