Description
Apostrophe CMS versions 2.63.0 through 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. As a mitigation for older releases, the user account in question can be archived (3.x) or moved to the trash (2.
Recommendation
Update the apostrophe package to the latest compatible version. Version details:
- Affected version(s): >= 2.63.0, < 3.4.0
- Patched version(s): 3.4.0
References
Related Issues
- Strapi is vulnerable to Insufficient Session Expiration - CVE-2025-3930
- Command Injection Vulnerability in systeminformation - CVE-2021-21388
- Cross-site Scripting in apostrophe - CVE-2021-25978
- string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
Tags: npm, apostrophe
Last updated on February 03, 2023


