SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector

Severity: Low
Identifier: SS-2018-020
Versions Affected: silverstripe/framework:^4.0, silverstripe/graphql:<4.3.0
Versions Fixed: silverstripe/framework:4.0.6, silverstripe/framework:4.1.4, silverstripe/framework:4.2.3, silverstripe/framework:4.3.0
Release Date: 2018-12-12

A potential SQL injection vulnerability was identified when using the silverstripe/postgresql database adapter. While it is unlikely to be exploitable, we have patched silverstripe/framework to ensure that table names are safely escaped before being passed to database adapters or user code.
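
One way to escape a table name for PostgreSQL before it reaches a query string, shown as an added example: this is not SilverStripe's patch or API, and the function names and sample table names are hypothetical. It contrasts naive interpolation with identifier quoting that doubles embedded double quotes.

```php
<?php
declare(strict_types=1);

/**
 * Quote a PostgreSQL identifier (hypothetical helper, not part of SilverStripe).
 */
function quotePgIdentifier(string $name): string
{
    // An empty name or one containing a NUL byte is never a valid identifier.
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    // PostgreSQL truncates identifiers to 63 bytes by default; rejecting longer
    // names (a conservative choice made for this example) avoids two distinct
    // names silently resolving to the same table.
    if (strlen($name) > 63) {
        throw new InvalidArgumentException('Identifier too long');
    }
    // Inside a double-quoted identifier the only special character is the
    // double quote itself, which is escaped by doubling it.
    return '"' . str_replace('"', '""', $name) . '"';
}

// Before: the table name is wrapped in quotes but not escaped, so a name that
// contains a double quote ends the identifier early.
function buildCountQueryUnescaped(string $table): string
{
    return 'SELECT COUNT(*) FROM "' . $table . '"';
}

// After: the table name is escaped before it is placed in the SQL text.
function buildCountQuery(string $table): string
{
    return 'SELECT COUNT(*) FROM ' . quotePgIdentifier($table);
}

// Constructed sample table names; the last one contains a stray double quote.
foreach (['SiteTree', 'Page_Live', 'Odd"Name'] as $table) {
    echo 'unescaped: ', buildCountQueryUnescaped($table), PHP_EOL;
    echo 'escaped:   ', buildCountQuery($table), PHP_EOL;
}
```

Identifier quoting is separate from value binding: table and column names cannot be passed as prepared-statement parameters, so they need this kind of escaping or a check against a list of known table names.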