Lucene search
GoogleOSV:GHSA-VH7Q-J8P5-2H4HHistoryMay 27, 2024 - 11:21 p.m.
silverstripe/framework sends passwords back to browsers under some circumstances
2024-05-2723:21:53
Google
osv.dev
4
silverstripe
framework
password security
data reflection
best practice
data leak
AI Score
7.3
Confidence
Low
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.
References
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml
github.com/silverstripe/silverstripe-framework
github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb
github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf
www.silverstripe.org/download/security-releases/ss-2018-013
AI Score
7.3
Confidence
Low