CVE-2021-3311

Insufficient Session Expiration in packagist/october/october

Identifier

CVE-2021-3311

Package Slug

packagist/october/october

Vulnerability

Insufficient Session Expiration

Description

An issue was discovered in October through build It reactivates an old session ID (which had been invalid after a logout) once a new login occurs.

Affected Versions

All versions up to 1.0.471

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2021-02-10

source