Arbitrary Code Execution Affecting silverstripe/framework package, versions >=4.0.3, <4.0.4 >=4.1.0, <4.1.1
Snyk CVSS
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-SILVERSTRIPEFRAMEWORK-546497
- published 5 Feb 2020
- disclosed 5 Feb 2020
- credit Logan Woods and Josh Leroux
How to fix?
Upgrade silverstripe/framework to version 4.0.4, 4.1.1 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Arbitrary Code Execution. There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placehoders. This exploit requires that user code has been written which makes use of the second argument in renderWith and where user input is passed directly as a value in an associative array without sanitisation such as Convert::raw2xml().
ViewableData::customise is not vulnerable.