Elliot Sawyer

**Name of the Vulnerable Software and Affected Versions** SilverStripe versions through 4.5.0 **Description** A specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a SilverStripe application, without revealing the specific version. This functionality is limited to execution in a CLI context and is not known to present a risk through web-based access. Additionally, this preconfigured path blocks the creation of other resources on this path, such as a page. **Recommendations** For versions through 4.5.0, consider restricting access to the specific URL path configured by default through the silverstripe/framework module to minimize the risk of disclosure. As a temporary workaround, consider disabling the functionality associated with this URL path until a more permanent solution is available.