{"url":"http://public2.vulnerablecode.io/api/packages/59341?format=json","purl":"pkg:gem/camaleon_cms@0.1.7","type":"gem","namespace":"","name":"camaleon_cms","version":"0.1.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.1","latest_non_vulnerable_version":"2.7.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41617?format=json","vulnerability_id":"VCID-6xw2-ykvp-4qaw","summary":"Insufficient Session Expiration\nCamaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25970","reference_id":"CVE-2021-25970","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25970"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59334?format=json","purl":"pkg:gem/camaleon_cms@2.6.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1"}],"aliases":["CVE-2021-25970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xw2-ykvp-4qaw"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@0.1.7"}