Silverstripe HtmlEditor embed url sanitisation

2024-05-2318:14:45

GitHub Advisory Database

github.com

silverstripe

htmleditor

url sanitisation

server side

oembed

media

cms

security issue

future changes

7 High

AI Score

Confidence

High

JSON

“Add from URL” doesn’t clearly sanitise URL server side

HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media “from a URL” (i.e. via oembed).

This action gets the URL to add in the GET parameter FileURL. However it doesn’t do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it’s possible future changes would break this.

Affected configurations

Vulners

Node

silverstripeframeworkRange<3.2.1

CPENameOperatorVersion
silverstripe/frameworklt3.2.1

CPE	Name	Operator	Version
	silverstripe/framework	lt	3.2.1

References

github.com/advisories/GHSA-qp29-wcc2-vmpc

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

www.silverstripe.org/download/security-releases/ss-2015-027

7 High

AI Score

Confidence

High

JSON