CVE-2011-4962: Improper Input Validation
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
References
- www.openwall.com/lists/oss-security/2012/04/30/1
- www.openwall.com/lists/oss-security/2012/04/30/3
- github.com/advisories/GHSA-gv6c-59h4-9pmg
- github.com/silverstripe/silverstripe-cms/commit/d15e8509b01ff2dbbe3028a055021a29b1065b22
- nvd.nist.gov/vuln/detail/CVE-2011-4962
- web.archive.org/web/20120621234353/http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6