CVE-2021-28661

Identifiers

CVE-2021-28661

Package Slug

packagist/silverstripe/framework

Vulnerability

Incorrect Authorization

Description

Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.

Affected Versions

All versions starting from 3.0.0 before 3.5.2

Solution

Upgrade to version 3.5.2 or above.

Last Modified

2021-10-18