GHSA-vh7q-j8p5-2h4h: silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml
- github.com/advisories/GHSA-vh7q-j8p5-2h4h
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb
- github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf
- www.silverstripe.org/download/security-releases/ss-2018-013
Code Behaviors & Features
Detect and mitigate GHSA-vh7q-j8p5-2h4h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →