Vulnerability Database
296,172
Total vulnerabilities in the database
silverstripe/framework has possible denial of service attack vector when flushing
A possible denial of service attack vector has been identified in the dev/build system controller.
dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.
| Software | From | Fixed in |
|---|---|---|
silverstripe / framework
|
4.0.0-rc1 | 4.0.5 |
|
silverstripe / framework
|
4.1.0-rc1 | 4.1.3 |
|
silverstripe / framework
|
4.2.0-rc1 | 4.2.2 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml
- https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991
- https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9
- https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df
- https://www.silverstripe.org/download/security-releases/ss-2018-019