GHSA-265q-222x-52m6: silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
A potential SQL injection vulnerability was identified in the silverstripe/postgresql database adapter. While it is unlikely to be exploitable, silverstripe/framework has been patched so that table names are safely escaped before they are passed to database adapters or to user code.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml
- github.com/advisories/GHSA-265q-222x-52m6
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77
- github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d
- www.silverstripe.org/download/security-releases/ss-2018-020