PT-2024-40358 · Silverstripe · Silverstripe

Published

2024-05-28

Updated

2024-05-28

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SilverStripe versions 3.7 through 4.x

Description

The issue potentially discloses database connection details when SilverStripe is run in dev mode using the mysqli database driver. To mitigate this, sensitive parts of the connection information have been blacklisted from being included in dev mode stack traces when database errors occur.

Recommendations

For SilverStripe versions 3.7 through 4.x, consider running the application outside of dev mode to minimize the risk of connection detail disclosure. As a temporary workaround, ensure that the blacklisting of sensitive connection information is properly configured to prevent exposure in dev mode stack traces.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

GHSA-M2HH-2M46-X6J5

Affected Products

Silverstripe