3 matches found
GHSA-M2HH-2M46-X6J5 silverstripe/framework may disclose database credentials during connection failure
When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...
silverstripe/framework may disclose database credentials during connection failure
When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...
GHSA-9FMG-89FX-R33W Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...