Volto · CVE-2022-24740
**Name of the Vulnerable Software and Affected Versions**
Volto versions 14.0.0-alpha.5 and later, before 15.0.0-alpha.0 (the release that fixes the issue)
**Description**
Affected Volto versions depend on an outdated release of the `react-cookie` library. When the server is under high load and is handling many requests at once, that release can cause one user's authentication cookie to be replaced with another user's, so that the wrong user's identity and privileges are applied to a session: whoever ends up with the swapped cookie effectively controls the other account. No public proof of concept is known, but the trigger is ordinary concurrent traffic rather than a crafted request, so the issue can occur in the wild.
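The mechanism that makes "high load" the trigger, as an added illustration that is not Volto's or react-cookie's code: it assumes Volto renders pages on the server and models the cookie library's store as a single module-level object that every concurrent render reads and writes. The request objects, the scheduler and every function name are constructed for the model; only the bug class (shared per-process state touched by concurrent requests) is taken from the description above.

```javascript
// Added illustration of the bug class described above: a cookie store that is
// shared across concurrent server-side renders lets one request's auth cookie
// overwrite another's. This is a constructed model, not Volto's or react-cookie's
// actual code; every name in it is hypothetical.

// Hypothetical module-level store: one object for the whole Node process, so it
// is visible to every request the server is rendering at the same moment.
const sharedJar = { cookie: null };

// One request's lifecycle, written as a generator so a scheduler can interleave
// its steps the way the event loop interleaves awaits on a busy server:
//   step 1: copy the request's Cookie header into the store
//   (yield)  the render awaits API data; other requests run meanwhile
//   step 2: the render reads "the" cookie back from the store
function* handleRequest(req, jar, seen) {
  jar.cookie = req.cookie;
  yield;
  seen[req.id] = jar.cookie;
}

// Round-robin scheduler: advances every live request one step per pass, which
// is the worst-case interleaving a loaded server can produce.
function runInterleaved(generators) {
  const live = generators.map((g) => ({ g, done: false }));
  let remaining = live.length;
  while (remaining > 0) {
    for (const item of live) {
      if (item.done) continue;
      if (item.g.next().done) {
        item.done = true;
        remaining -= 1;
      }
    }
  }
}

// Render a batch of requests, obtaining each request's store from makeJar, and
// return a map of request id -> the cookie its render actually used.
function renderAll(requests, makeJar) {
  const seen = {};
  runInterleaved(requests.map((req) => handleRequest(req, makeJar(), seen)));
  return seen;
}

// Constructed sample traffic: two users hitting the server at the same moment.
const REQUESTS = [
  { id: 'alice', cookie: 'auth_token=alice-session' },
  { id: 'bob', cookie: 'auth_token=bob-session' },
];

// Vulnerable shape: every request reuses the same module-level store.
function renderWithSharedJar() {
  return renderAll(REQUESTS, () => sharedJar);
}

// Fixed shape: a fresh store per request, so nothing crosses between renders.
function renderWithPerRequestJar() {
  return renderAll(REQUESTS, () => ({ cookie: null }));
}

// Ids of requests whose render ran with a cookie other than the one they sent.
function leakedIds(seen) {
  return REQUESTS.filter((r) => seen[r.id] !== r.cookie).map((r) => r.id);
}

console.log('shared store  ->', renderWithSharedJar(), 'leaked:', leakedIds(renderWithSharedJar()));
console.log('per-request   ->', renderWithPerRequestJar(), 'leaked:', leakedIds(renderWithPerRequestJar()));
```

With the shared store, Alice's render reads back Bob's cookie because Bob's request hydrated the store while Alice's render was waiting on data; her page is then built with Bob's identity and privileges. A single request at a time never triggers it, which is why the fault shows up only under load. Giving each request its own store removes the cross-talk regardless of scheduling.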
**Recommendations**
Upgrade affected Volto installations (14.0.0-alpha.5 and later, before 15.0.0-alpha.0) to Volto 15.0.0-alpha.0 or later; that release resolves the issue.
If an upgrade is not immediately possible, as a temporary workaround pin the `react-cookie` package to 4.1.1 in the project and override every Volto component that uses that library, so that the patched version is the one those components actually load. Afterwards, confirm that the version resolved under the project's `node_modules` is 4.1.1 or newer; a pin in the project's own `package.json` does not help if Volto's dependency still resolves to an older copy.
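A check for the workaround, added here as example code that is not part of Volto: it reads the `react-cookie` version actually resolved under a project's `node_modules` and compares it with the 4.1.1 floor, so the pin can be verified rather than assumed. The `node_modules/react-cookie/package.json` path, the function names and the exit codes are assumptions of this script.

```sh
#!/bin/sh
# Added check for the CVE-2022-24740 workaround: is the react-cookie that a Volto
# project actually resolves older than the fixed 4.1.1? Example script, not part
# of Volto. Assumes the standard node_modules layout (an assumption).
set -eu

FIXED_REACT_COOKIE="4.1.1"

# semver_lt A B: exit 0 if A < B, comparing major.minor.patch numerically.
# Pre-release suffixes (e.g. "-beta.1") are stripped first, so "4.1.1-beta.1"
# compares equal to 4.1.1; treat such a result as "check by hand".
semver_lt() {
  a=${1%%-*}
  b=${2%%-*}
  old_ifs=$IFS
  IFS=.
  set -- $a
  a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $b
  b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
  IFS=$old_ifs
  [ "$a1" -lt "$b1" ] && return 0
  [ "$a1" -gt "$b1" ] && return 1
  [ "$a2" -lt "$b2" ] && return 0
  [ "$a2" -gt "$b2" ] && return 1
  [ "$a3" -lt "$b3" ]
}

# react_cookie_vulnerable VERSION: exit 0 if VERSION predates the fixed release.
react_cookie_vulnerable() {
  semver_lt "$1" "$FIXED_REACT_COOKIE"
}

# installed_react_cookie_version PROJECT_DIR: print the version field of the
# react-cookie copy resolved under PROJECT_DIR/node_modules; exit 1 if absent.
installed_react_cookie_version() {
  f="$1/node_modules/react-cookie/package.json"
  [ -f "$f" ] || return 1
  sed -n 's/^[[:space:]]*"version":[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1
}

# main PROJECT_DIR: report whether the resolved react-cookie is at or above the
# floor. Exit 1 when vulnerable, 2 when the package is not installed at all.
main() {
  dir=$1
  if ! v=$(installed_react_cookie_version "$dir"); then
    echo "react-cookie not found under $dir/node_modules" >&2
    return 2
  fi
  if react_cookie_vulnerable "$v"; then
    echo "react-cookie $v is older than $FIXED_REACT_COOKIE: still vulnerable; pin it and reinstall"
    return 1
  fi
  echo "react-cookie $v is at or above $FIXED_REACT_COOKIE"
}

# Usage: ./check-react-cookie.sh /path/to/volto-project
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run it from the root of the Volto project after pinning and reinstalling; a non-zero exit means the pin has not taken effect (for example because a nested copy of the library is still resolved for Volto's own components), so the component overrides the workaround calls for are still needed.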