Moderate severity vulnerability that affects silverstripe/framework

2019-11-12T23:01:50
ID GHSA-JVX5-RM6Q-GX7P
Type github
Reporter GitHub Advisory Database
Modified 2019-11-13T17:02:04

Description

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.