SS-2018-019: Possible denial of service attack vector when flushing

Severity: Medium
Identifier: SS-2018-019
Versions Affected: silverstripe/framework:^4.0
Versions Fixed: silverstripe/framework:4.0.5, silverstripe/framework:4.1.3, silverstripe/framework:4.2.2, silverstripe/framework:4.3.0
Release Date: 2018-11-07

A possible denial of service attack vector has been identified in the dev/build system controller.

dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.

Reported by Michael Strong (SilverStripe Ltd)
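
To check whether a project is on an affected release, the sketch below reads a composer.lock and compares the installed silverstripe/framework version against the fixed releases listed above. It is an added example, not SilverStripe's own code; the sample lock data is constructed, and the handling of pre-release tags and of 4.4 and later is an assumption.

```python
import json
import re

PACKAGE = "silverstripe/framework"
# First fixed patch release per 4.x minor branch, from "Versions Fixed" above.
FIXED_PATCH = {0: 5, 1: 3, 2: 2, 3: 0}


def status(version):
    """Classify a version string as affected, fixed, not-in-range or unknown."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", version)
    if not m:
        return "unknown"  # e.g. "dev-master" or "4.x-dev": inspect the commit by hand
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if major != 4:
        return "not-in-range"  # the advisory lists only ^4.0 as affected
    if minor not in FIXED_PATCH:
        return "fixed"  # assumption: 4.4 and later carry the 4.3.0 fix
    fixed = FIXED_PATCH[minor]
    # Assumption: a pre-release of the fixing version (4.3.0-rc1) counts as affected.
    if patch < fixed or (patch == fixed and m.group(4)):
        return "affected"
    return "fixed"


def check_lock(lock_text):
    """Return (version, status) for silverstripe/framework in a composer.lock."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], status(pkg["version"])
    return None, "not-installed"


# Constructed sample standing in for a real composer.lock.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/cms", "version": "4.1.2"},
        {"name": "silverstripe/framework", "version": "4.1.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

In a real project, pass the contents of the project's composer.lock to check_lock instead of SAMPLE_LOCK.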