SS-2015-029: CSRF vulnerability in savetreenodes

May 11, 2016

savetreenode action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.

References

www.silverstripe.org/download/security-releases/ss-2015-029
github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a

Code Behaviors & Features

Detect and mitigate SS-2015-029 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →