Description
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
References (5)
Core 5
Core References
Not Applicable, Vendor Advisory x_refsource_misc
https://www.silverstripe.org/download/security-releases/
Release Notes, Vendor Advisory x_refsource_misc
https://www.silverstripe.org/blog/tag/release
Release Notes, Vendor Advisory x_refsource_misc
https://forum.silverstripe.org/c/releases
Broken Link, Vendor Advisory x_refsource_misc
https://docs.silverstripe.org/en/4/changelogs/4.10.1/
Vendor Advisory x_refsource_misc
https://www.silverstripe.org/download/security-releases/cve-2022-24444
Scores
CVSS v3
6.5
EPSS
0.0072
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-384
Status
published
Products (3)
silverstripe/hybridsessions
1.0.0 - 2.4.1Packagist
silverstripe/silverstripe
2.5.0
silverstripe/silverstripe
< 2.4.0
Published
Jun 28, 2022
Tracked Since
Feb 18, 2026