GHSA-cg3q-59w7-rvc2

GitHub Security Advisory

Reliance on Cookies without Validation and Integrity Checking in getgrav/grav

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications means that a vulnerability in one application can lead to a compromise in another.
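The check below is an added example, not code from Grav or from the advisory: it applies the RFC 6265 path-match rule to a `Set-Cookie` value and reports which sibling applications on the same host would receive a cookie scoped more broadly than the application that set it. The cookie name, paths and sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

def path_match(cookie_path, request_path):
    """RFC 6265 section 5.1.4: does a cookie with this Path go to this request path?"""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def default_path(request_path):
    """RFC 6265 default-path, used by browsers when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.rfind("/") == 0:
        return "/"
    return request_path[:request_path.rfind("/")]

def audit_set_cookie(header_value, request_path, app_base, sibling_paths):
    """Return a finding for each cookie whose scope reaches outside app_base."""
    base = app_base.rstrip("/") or "/"
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        cookie_path = morsel["path"] or default_path(request_path)
        # In scope only if the cookie path is app_base itself or lies beneath it.
        if path_match(base, cookie_path):
            continue
        findings.append({
            "cookie": name,
            "path": cookie_path,
            "exposed_to": [p for p in sibling_paths if path_match(cookie_path, p)],
        })
    return findings

if __name__ == "__main__":
    # Constructed sample: an app mounted at /blog next to two other apps.
    siblings = ["/shop/cart", "/wiki/Main"]
    samples = [
        "app_session=abc123; Path=/; HttpOnly",      # broad: sent to every app
        "app_session=abc123; Path=/blog; HttpOnly",  # scoped to the app
        "app_session=abc123; HttpOnly",              # no Path: default-path applies
    ]
    for value in samples:
        print(value, "->", audit_set_cookie(value, "/blog/login", "/blog", siblings))
```
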

Affected Packages

Packagist getgrav/grav
Affected versions: 0 (fixed in 1.7.21)

Related CVEs

Key Information

GHSA ID: GHSA-cg3q-59w7-rvc2
Published: September 29, 2021 5:12 PM
Last Modified: September 28, 2021 8:32 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: getgrav/grav
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.