GHSA-vh7q-j8p5-2h4h – silverstripe/framework
Package
Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=3.5.5-rc1 <3.7.0 || >=4.0.3-rc1 <4.0.4 || >=4.1.0-rc1 <4.1.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.
Metadata
Created: 2024-05-27T23:21:53Z
Modified: 2024-05-27T23:21:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vh7q-j8p5-2h4h/GHSA-vh7q-j8p5-2h4h.json
CWE IDs: []
Alternative ID: N/A
Finding: F017
Auto approve: 1