GHSA-cwgq-83w5-8jfq: silverstripe/framework has possible denial of service attack vector when flushing
A possible denial of service attack vector has been identified in the dev/build system controller.
dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml
- github.com/advisories/GHSA-cwgq-83w5-8jfq
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991
- github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9
- github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df
- www.silverstripe.org/download/security-releases/ss-2018-019
Code Behaviors & Features
Detect and mitigate GHSA-cwgq-83w5-8jfq with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →