GHSA-vgxh-x8jv-hmff: silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written which makes use of the second argument in renderWith and where user input is passed directly as a value in an associative array without sanitisation such as Convert::raw2xml().
ViewableData::customise is not vulnerable.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-006-1.yaml
- github.com/advisories/GHSA-vgxh-x8jv-hmff
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/6f50728b185e62c0087a58b295a015cb13276911
- www.silverstripe.org/download/security-releases/ss-2018-006
Code Behaviors & Features
Detect and mitigate GHSA-vgxh-x8jv-hmff with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →