2 results (0.007 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the `expires` field is overriden if the `maxAge` field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. This vulnerability has been patched 10.8.0. @fastify/session es un complemento de sesión para fastify. • https://github.com/fastify/session/commit/0495ce5b534c4550f25228821db8098293439f2f https://github.com/fastify/session/issues/251 https://github.com/fastify/session/security/advisories/GHSA-pj27-2xvp-4qxg • CWE-613: Insufficient Session Expiration •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. El paquete Session 1.x en versiones anteriores a 1.3.1 para Joomla! Framework permite a atacantes remotos ejecutar código arbitrario a través de valores de sesión no especificados. • https://www.exploit-db.com/exploits/39033 http://www.securityfocus.com/bid/79197 https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html •