Critical severityOSV Advisory· Published Apr 17, 2019· Updated Aug 4, 2024
CVE-2019-10641
CVE-2019-10641
Description
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
contao/contaoPackagist | >= 4.0.0, < 4.4.37 | 4.4.37 |
contao/contaoPackagist | >= 4.5.0, < 4.7.3 | 4.7.3 |
contao/core-bundlePackagist | >= 4.0.0, < 4.4.37 | 4.4.37 |
contao/core-bundlePackagist | >= 4.5.0, < 4.7.3 | 4.7.3 |
contao/corePackagist | >= 3.0.0, < 3.5.39 | 3.5.39 |
Affected products
4- ghsa-coords3 versions
>= 4.0.0, < 4.4.37+ 2 more
- (no CPE)range: >= 4.0.0, < 4.4.37
- (no CPE)range: >= 3.0.0, < 3.5.39
- (no CPE)range: >= 4.0.0, < 4.4.37
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-vcgg-hp4r-87gxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10641ghsaADVISORY
- contao.org/en/news.htmlmitrex_refsource_CONFIRM
- contao.org/en/news/security-vulnerability-cve-2019-10641.htmlghsax_refsource_CONFIRMWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yamlghsaWEB
- github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28feghsaWEB
- github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8ghsaWEB
- github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32ghsaWEB
News mentions
0No linked articles in our index yet.