CVE-2021-32648

Patch your code for October CMS Auth Bypass CVE-2021-32648

Instructions

Open the file vendor/october/rain/src/Auth/Models/User.php
Perform the patch found in these diff notes
Save the file

Overview

You are converting a loose comparison to a strict comparison by replacing two (2) equal signs == with three (3) equal signs ===. This blocks the attack vector as described in CVE-2021-32648 and also CVE-2021-29487.

This issue has been patched in October CMS Build 472 (v1.0.472+) and v1.1.5+. This issue does not affect v2.0.0+.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md
User.php		User.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

User.php

User.php

Repository files navigation

CVE-2021-32648

Instructions

Overview

About

Releases

Packages

Languages

daftspunk/CVE-2021-32648

Folders and files

Latest commit

History

README.md

README.md

User.php

User.php

Repository files navigation

CVE-2021-32648

Instructions

Overview

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages