Silverstripe · Silverstripe/Framework · CVE-2023-48714
**Name of the Vulnerable Software and Affected Versions**
Silverstripe Framework versions prior to 4.13.39 and 5.1.11
**Description**
The issue allows a user to access a record's title even if they should not be able to see the record, by adding it to a `GridField` using the `GridFieldAddExistingAutocompleter` component.
**Recommendations**
For versions prior to 4.13.39, update to version 4.13.39 or later.
For versions prior to 5.1.11, update to version 5.1.11 or later.