First published: Tue Apr 09 2019(Updated: )
Confirming an opt-in token does not invalidate previous opt-in tokens
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/contao/contao | >=4.7.0<4.7.3 | |
composer/contao/core-bundle | >=4.7.0<4.7.3 | |
Contao Contao Cms | =4.7.0 | |
composer/contao/core-bundle | >=4.7.0<4.7.3 | 4.7.3 |
composer/contao/contao | >=4.7.0<4.7.3 | 4.7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-10643.
The severity of CVE-2019-10643 is critical.
CVE-2019-10643 allows the use of a key past its expiration date.
Contao 4.7 and Contao CMS 4.7.0 are affected by CVE-2019-10643.
To fix CVE-2019-10643, update Contao and Contao CMS to versions 4.7.4 or later.