
Improper session management for soft logout

Moderate
matks published GHSA-557h-hf3c-whcg Feb 22, 2021

Package

No package listed

Affected versions

> 1.5.0.0

Patched versions

1.7.7.2

Description

Impact

The soft logout system is incomplete, and an attacker is able to issue foreign requests and execute customer commands.

Patches

The problem is fixed in 1.7.7.2.

References

Improper Authentication - Generic (CWE-287)

Severity

Moderate

CVE ID

CVE-2021-21308

Weaknesses

No CWEs
