Security Advisory

CVE-2022-24742

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-14 19:20:10

Last updated 2025-04-23 18:54:10

Assigner GitHub_M

State PUBLISHED

Description

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

← Browse all CVEs View on cve.org ↗