2 matches found
CVE-2019-12437
CVE-2019-12437 affects SilverStripe up to 4.3.3, where the prior fix for SS-2018-007 does not fully mitigate CSRF in GraphQL mutations. Connected sources (GHSA/OSV/Red Hat) indicate this CSRF protection was not complete and fixes exist in SilverStripe GraphQL at versions 2.0.5 and 3.1.2. Remediat...
CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12437...