-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.0, < 2.4.1-p1 | 2.4.1-p1 |
| magento/community-edition | composer | < 2.3.6 | 2.3.6 |
| magento/project-community-edition | composer | <= 2.0.2 |
Miggo AIRoot Cause AnalysisThe vulnerability centers on insufficient session invalidation. Magento's session termination mechanisms during logout/password changes are prime suspects. The Session::logout() method and its caller in the Logout controller are critical points where improper session handling (e.g., missing session regeneration or cookie invalidation) could leave sessions active. While exact patch details are unavailable, these components align with CWE-613 patterns and Magento's session management architecture.
PHPPHPOngoing coverage of React2Shell