Description
silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one.
Packages
Name: silverstripe/framework (composer)
Affected versions: >= 4.0.0-rc1, < 4.0.4
Fixed version: 4.0.4
Name: silverstripe/framework (composer)
Affected versions: >= 4.1.0-rc1, < 4.1.1
Fixed version: 4.1.1
CVSS3: 7.5 High
Weaknesses: CWE-601