Vulnerability in Sylius
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the e…
EPSS: 0.002 (44.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N.
Affected products
- Sylius — versions < 1.10.11, >= 1.11.0, < 1.11.2
Weakness classification (CWE)
References
- github.com/Sylius/Sylius/releases/tag/v1.10.11 (x_refsource_MISC)
- github.com/Sylius/Sylius/releases/tag/v1.11.2 (x_refsource_MISC)
- github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-24743?
- CVE-2022-24743 is a high-severity vulnerability in Sylius, classified under Insufficient Session Expiration. CVSS score: 7.1/10. Published 2022-03-14.
- How severe is CVE-2022-24743?
- High severity. CVSS v3 base score is 7.1 out of 10.