GHSA-wjg9-v8cf-f5q2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wjg9-v8cf-f5q2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wjg9-v8cf-f5q2/GHSA-wjg9-v8cf-f5q2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wjg9-v8cf-f5q2
- Published
- 2024-05-28T13:13:11Z
- Modified
- 2024-12-03T06:07:05.824380Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- silverstripe/graphql Cross-Site Request Forgery vulnerability
- Details
-
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-28T13:13:11Z" }- References
-
- https://github.com/silverstripe/silverstripe-graphql/commit/b59ba397ff42d8934bd2d9c932514f898c327f64
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/SS-2018-007-1.yaml
- https://github.com/silverstripe/silverstripe-graphql
- https://www.silverstripe.org/download/security-releases/ss-2018-007
Affected packages
Packagist / silverstripe/graphql
Package
- Name
- silverstripe/graphql
- Purl
- pkg:composer/silverstripe/graphql