Silverstripe · Silverstripe CMS · CVE-2019-19326
**Name of the Vulnerable Software and Affected Versions**
Silverstripe CMS versions prior to 4.5
Silverstripe versions prior to 4.5
**Description**
The issue allows web cache poisoning through modification of the `X-Original-Url` and `X-HTTP-Method-Override` request headers. Responses with malicious HTTP headers can then be returned to other consumers of the cached response.
**Recommendations**
For Silverstripe CMS versions prior to 4.5, consider disabling HTTP Cache Headers on responses served by the framework's HTTP layer as a temporary workaround until a patch is available.
Restrict access to the HTTPRequestBuilder to minimize the risk of exploitation.
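To check whether a site is exposed, the following added example (not Silverstripe code and not part of the advisory) reviews captured request/response header pairs and flags any exchange where one of the two headers arrived outside the cache key and the response was storable by a shared cache. The record layout, function names and the simplified cacheability rule are assumptions made for this sketch.

```python
# Added example; SAMPLE records are constructed, not taken from a real site.
OVERRIDE_HEADERS = {"x-original-url", "x-http-method-override"}

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives

def is_shared_cacheable(headers):
    """Simplified rule: may a shared cache store and reuse this response?"""
    cc = parse_cache_control(headers.get("cache-control"))
    if {"no-store", "private", "no-cache"} & cc.keys():
        return False
    # s-maxage overrides max-age for shared caches. Assumption: a response
    # without an explicit positive lifetime is treated as not cached.
    ttl = cc.get("s-maxage", cc.get("max-age", ""))
    return ttl.isdigit() and int(ttl) > 0

def unkeyed_override_headers(request_headers, response_headers):
    """Override headers sent by the client that Vary (lower-cased key) omits."""
    sent = {name.lower() for name in request_headers}
    vary = {v.strip().lower() for v in response_headers.get("vary", "").split(",")}
    return sorted((OVERRIDE_HEADERS & sent) - vary)

def find_poisoning_candidates(exchanges):
    """Return (id, unkeyed headers) for exchanges that need review."""
    findings = []
    for ex in exchanges:
        resp = {k.lower(): v for k, v in ex["response"].items()}
        unkeyed = unkeyed_override_headers(ex["request"], resp)
        if unkeyed and is_shared_cacheable(resp):
            findings.append((ex["id"], unkeyed))
    return findings

SAMPLE = [
    {"id": "r1", "request": {"Host": "example.test"},
     "response": {"Cache-Control": "public, max-age=300"}},
    {"id": "r2", "request": {"X-Original-Url": "/constructed-path"},
     "response": {"Cache-Control": "public, max-age=300"}},
    {"id": "r3", "request": {"X-HTTP-Method-Override": "POST"},
     "response": {"Cache-Control": "no-store"}},
    {"id": "r4", "request": {"X-Original-Url": "/a", "X-HTTP-Method-Override": "HEAD"},
     "response": {"Cache-Control": "s-maxage=60", "Vary": "X-Original-Url"}},
]
```

Running `find_poisoning_candidates(SAMPLE)` flags `r2` and `r4`; once HTTP Cache Headers are disabled as in the workaround above, such responses no longer carry a positive lifetime and the list comes back empty.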