Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User Session Fixation after Account Removal in PayloadCMS
Vulnerability Description
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload.
CVSS Information
N/A
Vulnerability Type
会话固定
Vulnerability Title
Payload 授权问题漏洞
Vulnerability Description
Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload存在授权问题漏洞,该漏洞源于SQLite适配器在账户创建期间标识符重用,可能导致会话固定攻击。
CVSS Information
N/A
Vulnerability Type
N/A