GitHub Advisory Database: GHSA-VJ2J-6G3W-4662
Published: May 23, 2024, 7:41 p.m.

Silverstripe Missing CSRF protection in login form

CWE-352
Source: GitHub Advisory Database (github.com)
Tags: silverstripe, login form, csrf protection, vulnerability, security token, software

AI Score: 7.1 High (confidence: Low)

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability (see http://stackoverflow.com/a/15350123).
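The weak call the advisory names, shown beside the corrected form, as an added illustration in Silverstripe 3.x style (example code, not framework or advisory code; ExampleLoginForm, WeakLoginForm and SafeLoginForm are hypothetical names, the rest are framework classes):

```php
<?php
// Added example, not Silverstripe's own code. A minimal Silverstripe 3.x
// login form subclassed twice: once with the disableSecurityToken() call
// this advisory describes, once with the token left in place. Form,
// FieldList, TextField, PasswordField and FormAction are framework classes.

class ExampleLoginForm extends Form
{
    public function __construct($controller, $name)
    {
        $fields = new FieldList(
            new TextField('Email', 'Email'),
            new PasswordField('Password', 'Password')
        );
        $actions = new FieldList(new FormAction('doLogin', 'Log in'));
        // Form::__construct attaches a SecurityToken by default, so the
        // rendered form carries a hidden SecurityID field and
        // Form::httpSubmission() validates it before calling doLogin().
        parent::__construct($controller, $name, $fields, $actions);
    }

    public function doLogin($data, Form $form)
    {
        // Authentication itself is out of scope here; the point is whether
        // the token check in front of this handler is still active.
        return $this->controller->redirect('/');
    }
}

// Weak: swaps the token for a NullSecurityToken, so no SecurityID field
// is rendered and a POST that carries no token is accepted. This is the
// pattern the advisory reports in LoginForm.
class WeakLoginForm extends ExampleLoginForm
{
    public function __construct($controller, $name)
    {
        parent::__construct($controller, $name);
        $this->disableSecurityToken();
    }
}

// Fixed: keep the default token. The explicit call only makes the intent
// visible; leaving it out gives the same result.
class SafeLoginForm extends ExampleLoginForm
{
    public function __construct($controller, $name)
    {
        parent::__construct($controller, $name);
        $this->enableSecurityToken();
    }
}
```

A quick check for a site on an affected version is to search its project code for `disableSecurityToken(` and confirm each call sits on a form whose submission has no state-changing effect.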

Affected configurations

silverstripe/framework < 3.3.2
OR silverstripe/framework < 3.2.4
OR silverstripe/framework < 3.1.19
