Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-6WM6-MV83-V9QJ

Vulnerability from github – Published: 2022-07-05 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-04T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.",
  "id": "GHSA-6wm6-mv83-v9qj",
  "modified": "2022-07-13T00:01:53Z",
  "published": "2022-07-05T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29471"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2022/007429.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WRH-279J-6HVW

Vulnerability from github – Published: 2022-03-10 17:55 – Updated: 2022-03-18 20:15
VLAI
Summary
HTTP caching is marking private HTTP headers as public in Shopware
Details

Impact

HTTP caching is marking private HTTP headers as public

Patches

Fixed in recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.4.8.1"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/platform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.4.8.1"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.4.8.1"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/storefront"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-10T17:55:21Z",
    "nvd_published_at": "2022-03-09T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nHTTP caching is marking private HTTP headers as public\n\n## Patches\nFixed in  recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview.\n\nhttps://www.shopware.com/en/download/#shopware-6\n\n## Workarounds\nFor older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.",
  "id": "GHSA-6wrh-279j-6hvw",
  "modified": "2022-03-18T20:15:05Z",
  "published": "2022-03-10T17:55:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24747"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f"
    },
    {
      "type": "WEB",
      "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/shopware/platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HTTP caching is marking private HTTP headers as public in Shopware"
}

GHSA-6X2V-HVX7-M5X7

Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00
VLAI
Details

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-23T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.",
  "id": "GHSA-6x2v-hvx7-m5x7",
  "modified": "2022-07-28T00:00:48Z",
  "published": "2022-07-24T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1137"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1289846"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XXC-4JC4-7JV3

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2025-05-14 19:17
VLAI
Summary
Exposure of Resource to Wrong Sphere in Liferay Portal
Details

Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted user’s email address and current CSRF token.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.portal.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-33330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-09T13:17:26Z",
    "nvd_published_at": "2021-08-03T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted user\u2019s email address and current CSRF token.",
  "id": "GHSA-6xxc-4jc4-7jv3",
  "modified": "2025-05-14T19:17:39Z",
  "published": "2022-05-24T22:28:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33330"
    },
    {
      "type": "WEB",
      "url": "https://issues.liferay.com/browse/LPE-17127"
    },
    {
      "type": "WEB",
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere in Liferay Portal"
}

GHSA-72C2-P2MR-MQR3

Vulnerability from github – Published: 2022-06-17 00:01 – Updated: 2022-06-29 00:00
VLAI
Details

An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling.",
  "id": "GHSA-72c2-p2mr-mqr3",
  "modified": "2022-06-29T00:00:27Z",
  "published": "2022-06-17T00:01:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FederatedAI/FATE/commit/6feccf6d752184a6f9365d56a76fe627983e7139"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72V5-4C4W-2CHJ

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 01:01
VLAI
Details

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-20T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.",
  "id": "GHSA-72v5-4c4w-2chj",
  "modified": "2024-04-04T01:01:52Z",
  "published": "2022-05-24T16:48:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1848"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73R4-PGGG-5F69

Vulnerability from github – Published: 2022-04-30 18:16 – Updated: 2025-04-03 03:43
VLAI
Details

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-0892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-11-13T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.",
  "id": "GHSA-73r4-pggg-5f69",
  "modified": "2025-04-03T03:43:51Z",
  "published": "2022-04-30T18:16:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0892"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.acme.com/software/thttpd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-74V5-X8GW-Q8F8

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-28 00:00
VLAI
Details

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.",
  "id": "GHSA-74v5-x8gw-q8f8",
  "modified": "2022-09-28T00:00:25Z",
  "published": "2022-09-25T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26707"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213257"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7523-XCC2-M3RM

Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30
VLAI
Details

Open Management Infrastructure Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T18:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Open Management Infrastructure Information Disclosure Vulnerability",
  "id": "GHSA-7523-xcc2-m3rm",
  "modified": "2023-11-14T18:30:28Z",
  "published": "2023-11-14T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36043"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36043"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7563-75J9-6H5P

Vulnerability from github – Published: 2022-03-14 22:26 – Updated: 2022-03-15 21:47
VLAI
Summary
Sensitive Information Exposure in Sylius
Details

Impact

Any other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator.

This vulnerability requires full access to the computer to take advantage of it.

Patches

The issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.

Workarounds

The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:

<?php

declare(strict_types=1);

namespace App\EventListener;

use App\SectionResolver\ShopCustomerAccountSubSection;
use Sylius\Bundle\AdminBundle\SectionResolver\AdminSection;
use Sylius\Bundle\CoreBundle\SectionResolver\SectionProviderInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class CacheControlSubscriber implements EventSubscriberInterface
{
    /** @var SectionProviderInterface */
    private $sectionProvider;

    public function __construct(SectionProviderInterface $sectionProvider)
    {
        $this->sectionProvider = $sectionProvider;
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::RESPONSE => 'setCacheControlDirectives',
        ];
    }

    public function setCacheControlDirectives(ResponseEvent $event): void
    {
        if (
            !$this->sectionProvider->getSection() instanceof AdminSection &&
            !$this->sectionProvider->getSection() instanceof ShopCustomerAccountSubSection
        ) {
            return;
        }

        $response = $event->getResponse();

        $response->headers->addCacheControlDirective('no-cache', true);
        $response->headers->addCacheControlDirective('max-age', '0');
        $response->headers->addCacheControlDirective('must-revalidate', true);
        $response->headers->addCacheControlDirective('no-store', true);
    }
}

After that register service in the container:

services:
    App\EventListener\CacheControlSubscriber:
        arguments: ['@sylius.section_resolver.uri_based_section_resolver']
        tags:
            - { name: kernel.event_subscriber, event: kernel.response }

The code above requires changes in ShopUriBasedSectionResolver in order to work. To backport mentioned logic, you need to replace the Sylius\Bundle\ShopBundle\SectionResolver\ShopUriBasedSectionResolver class with:

<?php

declare(strict_types=1);

namespace App\SectionResolver;

use Sylius\Bundle\CoreBundle\SectionResolver\SectionInterface;
use Sylius\Bundle\CoreBundle\SectionResolver\UriBasedSectionResolverInterface;
use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;

final class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface
{
    /** @var string */
    private $shopCustomerAccountUri;

    public function __construct(string $shopCustomerAccountUri = 'account')
    {
        $this->shopCustomerAccountUri = $shopCustomerAccountUri;
    }

    public function getSection(string $uri): SectionInterface
    {
        if (str_contains($uri, $this->shopCustomerAccountUri)) {
            return new ShopCustomerAccountSubSection();
        }

        return new ShopSection();
    }
}
services:
    sylius.section_resolver.shop_uri_based_section_resolver:
        class: App\SectionResolver\ShopUriBasedSectionResolver
        tags:
            - { name: sylius.uri_based_section_resolver, priority: -10 }

You also need to define a new subsection for the Customer Account that is used in the above services:

<?php

declare(strict_types=1);

namespace App\SectionResolver;

use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;

class ShopCustomerAccountSubSection extends ShopSection
{
}

References

  • Originally published at https://huntr.dev/

For more information

If you have any questions or comments about this advisory: * Open an issue in Sylius issues * Email us at security@sylius.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10"
            },
            {
              "fixed": "1.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-213",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T22:26:58Z",
    "nvd_published_at": "2022-03-14T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAny other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator. \n\nThis vulnerability requires full access to the computer to take advantage of it.\n\n### Patches\nThe issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.\n\n### Workarounds\nThe application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\EventListener;\n\nuse App\\SectionResolver\\ShopCustomerAccountSubSection;\nuse Sylius\\Bundle\\AdminBundle\\SectionResolver\\AdminSection;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionProviderInterface;\nuse Symfony\\Component\\EventDispatcher\\EventSubscriberInterface;\nuse Symfony\\Component\\HttpKernel\\Event\\ResponseEvent;\nuse Symfony\\Component\\HttpKernel\\KernelEvents;\n\nfinal class CacheControlSubscriber implements EventSubscriberInterface\n{\n    /** @var SectionProviderInterface */\n    private $sectionProvider;\n\n    public function __construct(SectionProviderInterface $sectionProvider)\n    {\n        $this-\u003esectionProvider = $sectionProvider;\n    }\n\n    public static function getSubscribedEvents(): array\n    {\n        return [\n            KernelEvents::RESPONSE =\u003e \u0027setCacheControlDirectives\u0027,\n        ];\n    }\n\n    public function setCacheControlDirectives(ResponseEvent $event): void\n    {\n        if (\n            !$this-\u003esectionProvider-\u003egetSection() instanceof AdminSection \u0026\u0026\n            !$this-\u003esectionProvider-\u003egetSection() instanceof ShopCustomerAccountSubSection\n        ) {\n            return;\n        }\n\n        $response = $event-\u003egetResponse();\n\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-cache\u0027, true);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027max-age\u0027, \u00270\u0027);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027must-revalidate\u0027, true);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-store\u0027, true);\n    }\n}\n```\n\nAfter that register service in the container:\n\n```yaml\nservices:\n    App\\EventListener\\CacheControlSubscriber:\n        arguments: [\u0027@sylius.section_resolver.uri_based_section_resolver\u0027]\n        tags:\n            - { name: kernel.event_subscriber, event: kernel.response }\n```\n\nThe code above requires changes in `ShopUriBasedSectionResolver` in order to work. To backport mentioned logic, you need to replace the `Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopUriBasedSectionResolver` class with:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionInterface;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\UriBasedSectionResolverInterface;\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nfinal class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface\n{\n    /** @var string */\n    private $shopCustomerAccountUri;\n\n    public function __construct(string $shopCustomerAccountUri = \u0027account\u0027)\n    {\n        $this-\u003eshopCustomerAccountUri = $shopCustomerAccountUri;\n    }\n\n    public function getSection(string $uri): SectionInterface\n    {\n        if (str_contains($uri, $this-\u003eshopCustomerAccountUri)) {\n            return new ShopCustomerAccountSubSection();\n        }\n\n        return new ShopSection();\n    }\n}\n```\n\n```yaml\nservices:\n    sylius.section_resolver.shop_uri_based_section_resolver:\n        class: App\\SectionResolver\\ShopUriBasedSectionResolver\n        tags:\n            - { name: sylius.uri_based_section_resolver, priority: -10 }\n```\n\nYou also need to define a new subsection for the Customer Account that is used in the above services:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nclass ShopCustomerAccountSubSection extends ShopSection\n{\n}\n```\n\n### References\n* Originally published at https://huntr.dev/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues)\n* Email us at security@sylius.com\n",
  "id": "GHSA-7563-75j9-6h5p",
  "modified": "2022-03-15T21:47:08Z",
  "published": "2022-03-14T22:26:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24742"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.9.10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Information Exposure in Sylius"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.