Silverstripe HtmlEditor embed url sanitisation

2024-05-2318:14:45

Google

osv.dev

silverstripe

htmleditorfield

sanitisation

url

security

oembed

7 High

AI Score

Confidence

High

JSON

“Add from URL” doesn’t clearly sanitise URL server side

HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media “from a URL” (i.e. via oembed).

This action gets the URL to add in the GET parameter FileURL. However it doesn’t do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it’s possible future changes would break this.

CPENameOperatorVersion
silverstripe/frameworkeq3.1.20
silverstripe/frameworkeq3.0.3-rc1
silverstripe/frameworkeq3.1.3
silverstripe/frameworkeq3.1.4-rc1
silverstripe/frameworkeq3.1.8
silverstripe/frameworkeq3.0.7
silverstripe/frameworkeq3.1.10
silverstripe/frameworkeq3.1.1
silverstripe/frameworkeq3.1.18
silverstripe/frameworkeq3.0.5

Name	Operator	Version
silverstripe/framework	eq	3.1.20
silverstripe/framework	eq	3.0.3-rc1
silverstripe/framework	eq	3.1.3
silverstripe/framework	eq	3.1.4-rc1
silverstripe/framework	eq	3.1.8
silverstripe/framework	eq	3.0.7
silverstripe/framework	eq	3.1.10
silverstripe/framework	eq	3.1.1
silverstripe/framework	eq	3.1.18
silverstripe/framework	eq	3.0.5

Rows per page:

1-10 of 791

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

github.com/silverstripe/silverstripe-framework

www.silverstripe.org/download/security-releases/ss-2015-027

7 High

AI Score

Confidence

High

JSON