| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 8.0.0, < 8.7.27 | 8.7.27 |
| typo3/cms | composer | >= 9.0.0, < 9.5.8 | 9.5.8 |

The vulnerability stems from improper session handling during logout. The `FrontendUserAuthentication` class manages frontend user sessions. In vulnerable versions, the `logoff()` method likely reset only the user's authentication state without clearing session data. The security advisory describes session data persisting across logouts, which this authentication component controls. The patch introduced purging of session data during logout, indicating that `logoff()` was modified to address the issue.