VYPR
Critical severityNVD Advisory· Published Feb 5, 2021· Updated Aug 3, 2024

CVE-2021-3311

CVE-2021-3311

Description

An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
october/rainPackagist
< 1.0.4721.0.472
october/rainPackagist
>= 1.1.0, < 1.1.21.1.2

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.