Описание
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.
Пакеты
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.5.0-rc1, < 3.5.5
3.5.5
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.6.0-rc1, < 3.6.2
3.6.2