Information Exposure Affecting sylius/sylius package, versions <1.9.10, >=1.10.0 <1.10.11, >=1.11.0 <1.11.2


Severity

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.1% (43rd percentile)

  • Snyk ID: SNYK-PHP-SYLIUSSYLIUS-2423462
  • Published: 15 Mar 2022
  • Disclosed: 15 Mar 2022
  • Credit: Unknown

Introduced: 15 Mar 2022

CVE-2022-24742
CWE-213

How to fix?

Upgrade sylius/sylius to version 1.9.10, 1.10.11, 1.11.2 or higher.

Overview

sylius/sylius is a platform for PHP, based on the Symfony framework.

Affected versions of this package are vulnerable to Information Exposure: a browser tab in which the victim was logged in can still show that user's data to other users of the same browser if the tab is left open (or navigated back to) after the victim logs out.

Workaround

The application must strictly redirect to the login page even when the back button is pressed. Another possibility is to set stricter cache policies for restricted content, so the browser cannot re-display a previously rendered authenticated page without re-requesting it.
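The cache-policy side of the workaround, as an added illustration that is not Sylius project code: a Symfony event subscriber that stamps a `no-store` cache policy onto responses for authenticated areas, so that a back-button navigation after logout forces a fresh request (which the firewall then redirects to login) instead of replaying the cached page. The path prefixes are assumptions for illustration; the subscriber relies on Symfony's `kernel.response` event and `ResponseEvent::isMainRequest()` (Symfony 5.3 or later).

```php
<?php
// Added example, not part of sylius/sylius. Registers on kernel.response with a low
// priority so it runs after controllers and any cache listeners, and overrides
// whatever Cache-Control they set for the paths listed below.

declare(strict_types=1);

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class RestrictedContentCacheSubscriber implements EventSubscriberInterface
{
    /** @var string[] Path prefixes whose responses carry user-specific data (assumed values). */
    private const RESTRICTED_PREFIXES = ['/admin', '/account', '/checkout'];

    public static function getSubscribedEvents(): array
    {
        // Negative priority: run late so this policy wins over earlier listeners.
        return [KernelEvents::RESPONSE => ['onKernelResponse', -255]];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        // Sub-requests (fragments, ESI) inherit the main response's headers; skip them.
        if (!$event->isMainRequest()) {
            return;
        }

        if (!self::isRestrictedPath($event->getRequest()->getPathInfo())) {
            return;
        }

        $response = $event->getResponse();
        // no-store forbids any cache, including the browser's back/forward cache,
        // from retaining a copy; the remaining directives cover HTTP/1.0-era caches.
        $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
        $response->headers->set('Pragma', 'no-cache');
        $response->headers->set('Expires', '0');
    }

    /** True when $path is one of the restricted prefixes or lies beneath one. */
    public static function isRestrictedPath(string $path): bool
    {
        foreach (self::RESTRICTED_PREFIXES as $prefix) {
            if ($path === $prefix || strpos($path, $prefix . '/') === 0) {
                return true;
            }
        }

        return false;
    }
}
```

With Symfony's default `autoconfigure: true`, placing this class under `src/EventSubscriber/` registers it automatically. The header policy only removes the cached copy; the "redirect to login" half of the workaround still has to come from the security firewall's `access_control` rules, which is what turns the forced re-request into a login redirect. To check the result, log in, load a restricted page, log out, press back, and confirm the response is a redirect to the login page rather than a cached render; the `Cache-Control: no-store` header should be visible on the restricted page in the browser's network panel.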

CVSS Scores

version 3.1