GHSA-qp29-wcc2-vmpc – silverstripe/framework

Package

Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=3.0.0 <3.2.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Silverstripe HtmlEditor embed url sanitisation "Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.

Metadata

Created: 2024-05-23T18:14:45Z
Modified: 2024-05-23T18:14:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-qp29-wcc2-vmpc/GHSA-qp29-wcc2-vmpc.json
CWE IDs: []
Alternative ID: N/A
Finding: F184
Auto approve: 1