Clickjacking affecting sylius/sylius package, versions <1.9.10, >=1.10.0 <1.10.11, >=1.11.0 <1.11.2


Severity: medium (CVSS 3.1 assessment made by Snyk's Security Team)

Threat Intelligence: EPSS 0.2% (60th percentile)

  • Snyk ID: SNYK-PHP-SYLIUSSYLIUS-2423463
  • Published: 15 Mar 2022
  • Disclosed: 15 Mar 2022
  • Credit: Unknown

Introduced: 15 Mar 2022

CVE-2022-24733
CWE-1021

How to fix?

Upgrade sylius/sylius to version 1.9.10, 1.10.11, 1.11.2 or higher.

Overview

sylius/sylius is a PHP platform built on the Symfony framework.

Affected versions of this package are vulnerable to Clickjacking: the application's pages can be loaded inside an iframe on an attacker-controlled webpage, because responses do not carry a header that forbids framing.

Workaround

Every response from the app should have an X-Frame-Options header set to sameorigin. To achieve that, add a new event subscriber to the app that sets the header on every outgoing response.
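The subscriber the workaround describes, as an added example (not code from the Sylius project or from the advisory): a Symfony kernel.response listener that adds X-Frame-Options: sameorigin to every response. The class name and the src/EventSubscriber/ location are assumptions; with Symfony's default autoconfigure enabled it is registered automatically.

```php
<?php
// Assumed path: src/EventSubscriber/FrameOptionsSubscriber.php (example, not Sylius code)

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class FrameOptionsSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        // Low priority so we run after listeners that build or replace the response.
        return [KernelEvents::RESPONSE => ['onKernelResponse', -10]];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        $response = $event->getResponse();

        // Keep a stricter value (e.g. "deny") if a controller already set one.
        if ($response->headers->has('X-Frame-Options')) {
            return;
        }

        // Applied to every response, including redirects and error pages,
        // so no page of the shop can be framed by another origin.
        $response->headers->set('X-Frame-Options', 'sameorigin');
    }
}
```

Verify the fix by fetching any page with curl -sI and checking that the X-Frame-Options header is present in the response. Current browsers also honour Content-Security-Policy: frame-ancestors 'self', which can be set alongside X-Frame-Options for the same effect.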
