GHSA-vh7q-j8p5-2h4h

Suggest an improvement
Source
https://github.com/advisories/GHSA-vh7q-j8p5-2h4h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vh7q-j8p5-2h4h/GHSA-vh7q-j8p5-2h4h.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-vh7q-j8p5-2h4h
Published
2024-05-27T23:21:53Z
Modified
2024-12-02T05:45:50.723452Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
silverstripe/framework sends passwords back to browsers under some circumstances
Details

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-27T23:21:53Z"
}
References

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.5-rc1
Fixed
3.7.0

Affected versions

3.*

3.5.5
3.5.6-rc1
3.5.6
3.5.7
3.5.8-rc1
3.5.8
3.6.0-beta1
3.6.0-beta2
3.6.0-rc1
3.6.0
3.6.1-alpha2
3.6.1
3.6.2-beta1
3.6.2-beta2
3.6.2
3.6.3-rc2
3.6.3
3.6.4
3.6.5
3.6.6-rc1
3.6.6
3.6.7
3.6.8

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.3-rc1
Fixed
4.0.4

Affected versions

4.*

4.0.3

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0-rc1
Fixed
4.1.1

Affected versions

4.*

4.1.0-rc1
4.1.0-rc2
4.1.0