Description
Apostrophe CMS versions from 2.63.0 to 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. As a mitigation for older releases, the user account in question can be archived (3.x) or moved to the trash (2.
Recommendation
Update the apostrophe package to the latest compatible version. Version details:
- Affected version(s): >= 2.63.0, < 3.4.0
- Patched version(s): 3.4.0
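To check a project against the range above, the following added example (not code from the advisory or from the Apostrophe project) scans a parsed package-lock.json for every installed copy of apostrophe and flags versions inside the affected range. The function names and the sample lockfile are constructed for illustration; treating pre-releases by semver ordering is an assumption.

```javascript
// Range from the advisory: >= 2.63.0, < 3.4.0 (3.4.0 is the patched release).
const FIRST_AFFECTED = [2, 63, 0];
const PATCHED = [3, 4, 0];

// Parse "x.y.z[-pre][+build]"; returns null for git URLs, tags and other non-semver specs.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

function cmpCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = inside the affected range, false = outside, null = cannot tell (review by hand).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const lo = cmpCore(p.core, FIRST_AFFECTED);
  const hi = cmpCore(p.core, PATCHED);
  // Assumption: semver ordering, where a pre-release sorts before its release, so
  // 3.4.0-beta.1 counts as below the patched version and 2.63.0-rc.1 as below the range.
  return (lo > 0 || (lo === 0 && !p.pre)) && (hi < 0 || (hi === 0 && p.pre));
}

// Collect every installed copy of apostrophe from a parsed package-lock.json.
function findApostrophe(lock) {
  const hits = [];
  const add = (path, version) => hits.push({ path, version, affected: isAffected(version) });
  if (lock.packages) { // lockfileVersion 2 and 3: flat "packages" map keyed by path
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/apostrophe$/.test(path)) add(path, info.version);
    }
    return hits;
  }
  const walk = (deps, trail) => { // lockfileVersion 1: nested "dependencies"
    for (const [name, info] of Object.entries(deps || {})) {
      if (name === 'apostrophe') add(`${trail}${name}`, info.version);
      walk(info.dependencies, `${trail}${name} > `);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'site', version: '1.0.0' },
  'node_modules/apostrophe': { version: '3.3.1' },
  'node_modules/legacy/node_modules/apostrophe': { version: '2.62.0' },
} };
console.log(findApostrophe(sampleLock));
```

A result of `null` for `affected` means the lockfile entry is not a plain version number and needs manual review.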
Tags: npm, apostrophe
Last updated on February 03, 2023