GHSA-qp29-wcc2-vmpc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qp29-wcc2-vmpc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-qp29-wcc2-vmpc/GHSA-qp29-wcc2-vmpc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qp29-wcc2-vmpc
- Published
- 2024-05-23T18:14:45Z
- Modified
- 2024-11-28T05:41:00.784999Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Silverstripe HtmlEditor embed url sanitisation
- Details
-
"Add from URL" doesn't clearly sanitise URL server side
HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed).
This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-23T18:14:45Z" }- References
Affected packages
Packagist / silverstripe/framework
Package
- Name
- silverstripe/framework
- Purl
- pkg:composer/silverstripe/framework
Affected versions
3.*
3.0.2.1
3.0.3-rc1
3.0.3-rc2
3.0.3
3.0.4
3.0.5
3.0.6-rc1
3.0.6-rc2
3.0.6
3.0.7-rc1
3.0.7
3.0.8
3.0.9-rc1
3.0.9
3.0.10-rc1
3.0.10
3.0.11-rc1
3.0.11
3.0.12
3.0.13
3.0.14
3.1.0-beta1
3.1.0-beta2
3.1.0-beta3
3.1.0-rc1
3.1.0-rc2
3.1.0-rc3
3.1.0
3.1.1
3.1.2-rc1
3.1.2
3.1.3-rc1
3.1.3-rc2
3.1.3
3.1.4-rc1
3.1.4
3.1.5-rc1
3.1.5
3.1.6-rc1
3.1.6-rc2
3.1.6-rc3
3.1.6
3.1.7-rc1
3.1.7
3.1.8
3.1.9-rc1
3.1.9
3.1.10-rc1
3.1.10-rc2
3.1.10
3.1.11-rc1
3.1.11
3.1.12
3.1.13-rc1
3.1.13
3.1.14-rc1
3.1.14
3.1.15
3.1.16-rc1
3.1.16
3.1.17-rc1
3.1.17-rc2
3.1.17
3.1.18-rc1
3.1.18-rc2
3.1.18
3.1.19-rc1
3.1.19
3.1.20-rc1
3.1.20-rc2
3.1.20
3.1.21
3.2.0-beta1
3.2.0-beta2
3.2.0-rc1
3.2.0-rc2
3.2.0
3.2.1-rc1
3.2.1-rc2