GHSA-7mv4-4xpg-xq44

Source

https://github.com/advisories/GHSA-7mv4-4xpg-xq44

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7mv4-4xpg-xq44/GHSA-7mv4-4xpg-xq44.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7mv4-4xpg-xq44

Aliases

Published

2022-03-26T00:14:34Z

Modified

2024-02-17T05:35:24.555900Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

FormField with square brackets in field name skips validation

Details

FileField with array notation skips validation

The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.

PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.

In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-26T00:14:34Z"
}

References

Affected packages

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

4.7.4

Affected versions

3.*

3.0.2.1

3.0.3-rc1

3.0.3-rc2

3.0.3

3.0.4

3.0.5

3.0.6-rc1

3.0.6-rc2

3.0.6

3.0.7-rc1

3.0.7

3.0.8

3.0.9-rc1

3.0.9

3.0.10-rc1

3.0.10

3.0.11-rc1

3.0.11

3.0.12

3.0.13

3.0.14

3.1.0-beta1

3.1.0-beta2

3.1.0-beta3

3.1.0-rc1

3.1.0-rc2

3.1.0-rc3

3.1.0

3.1.1

3.1.2-rc1

3.1.2

3.1.3-rc1

3.1.3-rc2

3.1.3

3.1.4-rc1

3.1.4

3.1.5-rc1

3.1.5

3.1.6-rc1

3.1.6-rc2

3.1.6-rc3

3.1.6

3.1.7-rc1

3.1.7

3.1.8

3.1.9-rc1

3.1.9

3.1.10-rc1

3.1.10-rc2

3.1.10

3.1.11-rc1

3.1.11

3.1.12

3.1.13-rc1

3.1.13

3.1.14-rc1

3.1.14

3.1.15

3.1.16-rc1

3.1.16

3.1.17-rc1

3.1.17-rc2

3.1.17

3.1.18-rc1

3.1.18-rc2

3.1.18

3.1.19-rc1

3.1.19

3.1.20-rc1

3.1.20-rc2

3.1.20

3.1.21

3.2.0-beta1

3.2.0-beta2

3.2.0-rc1

3.2.0-rc2

3.2.0

3.2.1-rc1

3.2.1-rc2

3.2.1

3.2.2-rc1

3.2.2-rc2

3.2.2

3.2.3-rc1

3.2.3-rc2

3.2.3

3.2.4-rc1

3.2.4

3.2.5-rc1

3.2.5-rc2

3.2.5

3.2.6

3.3.0-beta1

3.3.0-rc1

3.3.0-rc2

3.3.0-rc3

3.3.0

3.3.1-rc1

3.3.1-rc2

3.3.1

3.3.2-rc1

3.3.2

3.3.3-rc1

3.3.3-rc2

3.3.3

3.3.4

3.4.0-rc1

3.4.0

3.4.1-rc1

3.4.1-rc2

3.4.1

3.4.2

3.4.3-rc1

3.4.3

3.4.4-rc1

3.4.4

3.4.5-rc1

3.4.5

3.4.6-rc1

3.4.6-rc2

3.4.6

3.5.0-rc1

3.5.0-rc2

3.5.0-rc3

3.5.0

3.5.1-rc1

3.5.1-rc2

3.5.1

3.5.2-rc1

3.5.2

3.5.3-rc1

3.5.3

3.5.4-rc1

3.5.4

3.5.5-beta1

3.5.5-beta2

3.5.5

3.5.6-rc1

3.5.6

3.5.7

3.5.8-rc1

3.5.8

3.6.0-beta1

3.6.0-beta2

3.6.0-rc1

3.6.0

3.6.1-alpha2

3.6.1

3.6.2-beta1

3.6.2-beta2

3.6.2

3.6.3-rc2

3.6.3

3.6.4

3.6.5

3.6.6-rc1

3.6.6

3.6.7

3.6.8

3.7.0

3.7.1-rc1

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

4.*

4.0.0-alpha1

4.0.0-alpha2

4.0.0-alpha3

4.0.0-alpha4

4.0.0-alpha5

4.0.0-alpha6

4.0.0-alpha7

4.0.0-beta1

4.0.0-beta2

4.0.0-beta3

4.0.0-beta4

4.0.0-rc1

4.0.0-rc2

4.0.0-rc3

4.0.0

4.0.1-rc1

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0-rc1

4.1.0-rc2

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.2.0-beta1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0-rc1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4.0-rc1

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.5.0-alpha1

4.5.0-rc1

4.5.0-rc2

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.6.0-beta1

4.6.0-rc1

4.6.0

4.6.1

4.6.2

4.7.0-beta1

4.7.0-rc1

4.7.0

4.7.1

4.7.2

4.7.3