GHSA-p2v5-xcqm-4fv6: silverstripe/taxonomy SQL Injection vulnerability
There is a vulnerability in silverstripe/taxonomy module that allows SQL injection. This affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be possible.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/taxonomy/SS-2018-011-1.yaml
- github.com/advisories/GHSA-p2v5-xcqm-4fv6
- github.com/silverstripe/silverstripe-taxonomy
- github.com/silverstripe/silverstripe-taxonomy/commit/01a5d9e04b993df507058aa53e6e18efc5ca405b
- github.com/silverstripe/silverstripe-taxonomy/commit/d037941e931490c33af5029c676447ed38896ee8
- www.silverstripe.org/download/security-releases/ss-2018-011
Code Behaviors & Features
Detect and mitigate GHSA-p2v5-xcqm-4fv6 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →