In SilverStripe assets 4.0, there is broken access control on files.
forum.silverstripe.org/c/releases
github.com/FriendsOfPHP/security-advisories
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
nvd.nist.gov/vuln/detail/CVE-2019-14273
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases
www.silverstripe.org/download/security-releases/CVE-2019-14273