october/rain Security Advisories for v1.0.355 (2)
-
[CRITICAL] October CMS Session ID not invalidated after logout
PKSA-gvvr-k6pk-nfpz CVE-2021-3311 GHSA-7ggw-h8pp-r95r
Affected version: >=1.1.0,<1.1.2|<1.0.472
Reported by:
GitHub -
[MEDIUM] Reliance on Cookies without validation in OctoberCMS
PKSA-sq51-nv4y-j4xf CVE-2020-15128 GHSA-55mm-5399-7r63
Affected version: >=1.0.319,<1.0.468
Reported by:
GitHub