SS-2018-019: Possible denial of service attack vector when flushing

Severity: Moderate
Identifier: SS-2018-019
Versions Affected: silverstripe/framework: ^4.0.0
Versions Fixed: silverstripe/framework: 4.0.5, 4.1.3, 4.2.2, 4.3.0-rc1
Release Date: 2018-11-07

A possible denial of service attack vector has been identified in the dev/build system controller.

dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.

Reported by Michael Strong (SilverStripe Ltd)
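
The following is an added example, not part of the advisory or of SilverStripe's code: a Python check that reads a composer.lock file and reports whether the locked silverstripe/framework version falls inside the affected range, using the affected and fixed versions listed above. It assumes that minor lines after 4.3 carry the fix, and it returns None for versions it cannot parse (such as dev branches) so they can be reviewed by hand.

```python
import json
import re

PACKAGE = "silverstripe/framework"
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None = stable release
# First fixed release on each 4.x minor line, as listed in the advisory.
FIXED = {0: (4, 0, 5, 3, 0), 1: (4, 1, 3, 3, 0), 2: (4, 2, 2, 3, 0), 3: (4, 3, 0, 2, 1)}
RANGE_START = (4, 0, 0, 3, 0)  # "^4.0.0" starts at stable 4.0.0

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\.?(\d*))?$", re.I)

def parse(version):
    """Return a sortable tuple, or None for versions such as '4.2.x-dev'."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    stage = m.group(4).lower() if m.group(4) else None
    return (major, minor, patch, PRE_RANK[stage], int(m.group(5) or 0))

def is_affected(version):
    """True/False per the advisory's ranges; None if the version needs manual review."""
    v = parse(version)
    if v is None:
        return None
    # Assumption: minor lines not listed in FIXED (4.4 and later) include the fix.
    if v[0] != 4 or v[1] not in FIXED:
        return False
    return RANGE_START <= v < FIXED[v[1]]

def check_lock(lock_text):
    """Return (version, affected) for the locked framework package, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], is_affected(pkg["version"])
    return None

# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "silverstripe/framework", "version": "4.1.2"},
    {"name": "silverstripe/config", "version": "1.0.5"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```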