GHSA-m5q3-mvcr-gc5m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m5q3-mvcr-gc5m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-m5q3-mvcr-gc5m/GHSA-m5q3-mvcr-gc5m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m5q3-mvcr-gc5m
- Published
- 2024-05-27T23:02:56Z
- Modified
- 2024-12-02T05:33:12.974827Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- silverstripe/framework BackURL validation bypass with malformed URLs
- Details
-
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on
BackURLparameters. This could lead to users entering sensitive data in malicious websites instead of the intended one. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-601" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-27T23:02:56Z" }- References
-
- https://github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml
- https://github.com/silverstripe/silverstripe-framework
- https://www.silverstripe.org/download/security-releases/ss-2018-008
Affected packages
Packagist / silverstripe/framework
Package
- Name
- silverstripe/framework
- Purl
- pkg:composer/silverstripe/framework
Packagist / silverstripe/framework
Package
- Name
- silverstripe/framework
- Purl
- pkg:composer/silverstripe/framework