Lucene search
GitHub Advisory DatabaseGHSA-VH7Q-J8P5-2H4HHistoryMay 27, 2024 - 11:21 p.m.
silverstripe/framework sends passwords back to browsers under some circumstances
2024-05-2723:21:53
GitHub Advisory Database
github.com
7
silverstripe
framework
password security
data leakage
web form
AI Score
7.3
Confidence
Low
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.
Affected configurations
Node
silverstripeframeworkRange4.1.0-rc1–4.1.1
ORsilverstripeframeworkRange4.0.3-rc1–4.0.4
ORsilverstripeframeworkRange3.5.5-rc1–3.7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| silverstripe | framework | * | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-vh7q-j8p5-2h4h
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml
github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb
github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf
www.silverstripe.org/download/security-releases/ss-2018-013
AI Score
7.3
Confidence
Low