Detections
Analytics

CVE-2022-24742

medium

Description

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

References

https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p

https://github.com/Sylius/Sylius/releases/tag/v1.9.10

https://github.com/Sylius/Sylius/releases/tag/v1.11.2

https://github.com/Sylius/Sylius/releases/tag/v1.10.11

Details

Source: Mitre, NVD

Published: 2022-03-14

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00446