PT-2020-9321 · Silverstripe · Silverstripe/Graphql+1

Published

2020-02-19

Updated

2022-05-24

CVE-2019-12437

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.3.4 SilverStripe/GraphQL versions prior to 2.0.5 SilverStripe/GraphQL versions prior to 3.1.2

Description: The previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations.

Recommendations: For SilverStripe versions prior to 4.3.4, update to version 4.3.4 or later. For SilverStripe/GraphQL versions prior to 2.0.5, update to version 2.0.5 or later. For SilverStripe/GraphQL versions prior to 3.1.2, update to version 3.1.2 or later.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2019-12437

GHSA-FX37-56V6-85Q6

Affected Products

Silverstripe

Silverstripe/Graphql

PT-2020-9321 · Silverstripe · Silverstripe/Graphql+1

CVE-2019-12437

Weakness Enumeration

Related Identifiers

Affected Products

References · 12