MEDIUM 5.0
GHSA-3g43-x7qr-96ph
Possible CSRF token fixation
Details
### Impact When authenticating users PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enables `same-site attackers` to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation.
### Patches The problem is fixed in version 8.0.1
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / prestashop/prestashop
Introduced in:
0 Fixed in: 8.0.1 Fix
composer require prestashop/prestashop:^8.0.1