The vulnerability stems from a configuration setting in `session.php` (`'expire_on_close'` set to `false`) rather than from specific functions. Commit 68f398f fixes it by changing the configuration value to `true`. Although this setting affects session handling, no function in the Firefly III codebase implements flawed session expiration logic: the vulnerability exists at the framework configuration level rather than in specific function implementations. Session expiration behavior was controlled by Laravel's native session handling through this configuration parameter.
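An added example, not taken from the advisory or the Firefly III code base: a Python audit check that reads the text of a Laravel-style `session.php` and reports whether `expire_on_close` is effectively off. The sample configs, the `env()` form and the variable name `SESSION_EXPIRE_ON_CLOSE` are constructed assumptions for illustration.

```python
import re

# Constructed sample configs (assumptions; not copied from the Firefly III repository).
BEFORE = """<?php
return [
    'driver' => 'file',
    // 'expire_on_close' => true,
    'expire_on_close' => false,
];
"""
AFTER = BEFORE.replace("'expire_on_close' => false", "'expire_on_close' => true")
ENV_DEFAULT = """<?php
return [
    'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false), /* default off */
];
"""

# Matches a literal boolean or an env('NAME', default) call as the value.
SETTING = re.compile(
    r"""['"]expire_on_close['"]\s*=>\s*
        (?: (?P<lit>true|false)
          | env\(\s*['"](?P<var>\w+)['"]\s*(?:,\s*(?P<default>true|false))?\s*\)
        )\s*,""", re.I | re.X)

def strip_php_comments(src):
    """Drop /* */, // and # comments so a commented-out setting is not matched."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(^|\s)(//|#).*$", "", src)

def audit_session_config(src, env=None):
    """Return 'ok', 'vulnerable' or 'unknown' for the expire_on_close setting."""
    env = env or {}
    m = SETTING.search(strip_php_comments(src))
    if m is None:
        return "unknown"  # key absent, or an expression this check cannot read
    if m.group("lit"):
        value = m.group("lit")
    else:
        # An unset variable falls back to the env() default; no default is falsy.
        value = env.get(m.group("var"), m.group("default") or "false")
    # Only values that are truthy in the PHP config count as enabled.
    return "ok" if value.lower() in ("true", "(true)", "1") else "vulnerable"
```

Pass the deployment's environment as `env` when the config reads the value through `env()`, since the file alone then shows only the default.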
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| grumpydictator/firefly-iii | composer | < 6.0.0 | 6.0.0 |