GHSA-m5q3-mvcr-gc5m: silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml
- github.com/advisories/GHSA-m5q3-mvcr-gc5m
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea
- www.silverstripe.org/download/security-releases/ss-2018-008
Code Behaviors & Features
Detect and mitigate GHSA-m5q3-mvcr-gc5m with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →