SS-2015-027: Insufficient sanitization in "Add from URL"

November 16, 2015

“Add from URL” does not clearly sanitize URL server side in HtmlEditorField_Toolbar. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it’s possible future changes would break this.

References

www.silverstripe.org/download/security-releases/ss-2015-027/

Code Behaviors & Features

Detect and mitigate SS-2015-027 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →