CVE-2019-19326: SilverStripe Web Cache Poisoning through HTTPRequestBuilder
(updated )
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
- github.com/advisories/GHSA-q9ff-3q93-fm8m
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
- github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
- github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
- nvd.nist.gov/vuln/detail/CVE-2019-19326
- www.silverstripe.org/download/security-releases/CVE-2019-19326
Detect and mitigate CVE-2019-19326 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →