SS-2018-019: Possible denial of service attack vector when flushing
- Severity: Moderate
- Identifier: SS-2018-019
- Versions Affected: silverstripe/framework: ^4.0.0
- Versions Fixed: silverstripe/framework: 4.0.5, 4.1.3, 4.2.2, 4.3.0-rc1
- Release Date: 2018-11-07
A possible denial of service attack vector has been identified in the dev/build system controller.
dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.
Reported by Michael Strong (SilverStripe Ltd)