Starch versions 0.14 and earlier generate session ids insecurely. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
NVD
GitHub
CVSS 3.1
9.1
EPSS
0.0%