HIGH 7.5
GHSA-g8pg-33v4-9r96
Thelia authentication bypass vulnerability
Details
An authentication bypass was identifed in thelia/thelia project for customer and admin. This vulnerability is present from version 2.0.0-beta1 and is fixed in 2.1.3 and 2.2.0-alpha1.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / thelia/thelia
Introduced in:
2.0.0-beta1 Fixed in: 2.1.3 Fix
composer require thelia/thelia:^2.1.3 References
- https://github.com/github/advisory-database/pull/8012 [WEB]
- https://github.com/thelia/thelia/commit/028cfcf507cd8685772e156ec0c860034d407094 [WEB]
- https://github.com/thelia/thelia/commit/71c1cee66d8f2e515e82478f792879fa63843644 [WEB]
- https://github.com/FriendsOfPHP/security-advisories/blob/master/thelia/thelia/2015-04-13-1.yaml [WEB]
- https://github.com/thelia/thelia [PACKAGE]
- https://web.archive.org/web/20160502224630/http://thelia.net/version-2-1-3-with-security-fix [WEB]