Lucene search
GitHub Advisory DatabaseGHSA-VJ2J-6G3W-4662HistoryMay 23, 2024 - 7:41 p.m.
Silverstripe Missing CSRF protection in login form
2024-05-2319:41:41
CWE-352
GitHub Advisory Database
github.com
2
silverstripe
login form
csrf protection
vulnerability
security token
software
7.1 High
AI Score
Confidence
Low
LoginForm calls disableSecurityToken(), which causes a βshared host domainβ vulnerability: http://stackoverflow.com/a/15350123.
Affected configurations
Node
silverstripeframeworkRange<3.3.2
ORsilverstripeframeworkRange<3.2.4
ORsilverstripeframeworkRange<3.1.19
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe/framework | lt | 3.3.2 | |
| silverstripe/framework | lt | 3.2.4 | |
| silverstripe/framework | lt | 3.1.19 |
References
github.com/advisories/GHSA-vj2j-6g3w-4662
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-006-1.yaml
github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks/15350123#15350123
www.silverstripe.org/download/security-releases/ss-2016-006
7.1 High
AI Score
Confidence
Low