CVE-2019-12245: Information Exposure
(updated )
SilverStripe has incorrect access control for protected files uploaded via Upload::loadIntoFile()
. An attacker may be able to guess a filename in silverstripe/assets
via the AssetControlExtension
.
References
Detect and mitigate CVE-2019-12245 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →