=9.0.0, <9.0.6

Q: How to fix?

Upgrade jweiland/events2 to version 8.3.8, 9.0.6 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PHP-JWEILANDEVENTS2-7300337
published21 Jun 2024
disclosed21 Jun 2024
creditStefan Frömken, Torben Hansen

Report a new vulnerability Found a mistake?

Introduced: 21 Jun 2024

CWE-524 (opens in a new tab)

How to fix?

Upgrade jweiland/events2 to version 8.3.8, 9.0.6 or higher.

Overview

Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to wrong cache configuration for some actions. This can lead to caching of possible sensitive event data.

Note: Depending on the frontend user group, an authenticated frontend user might get access to cached data.

References

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
Low
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
Low
Integrity (SI)
None
Availability (SA)
None