Information Exposure Through an Error Message Affecting silverstripe/framework package, versions >=3.7.0-rc1, <3.7.1 >=4.0.0-rc1, <4.0.5 >=4.1.0-rc1, <4.1.3 >=4.2.0-rc1, <4.2.2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-SILVERSTRIPEFRAMEWORK-7151915
- published 29 May 2024
- disclosed 28 May 2024
- credit Dylan Wagstaff, Lukas Erni
How to fix?
Upgrade silverstripe/framework
to version 3.7.1, 4.0.5, 4.1.3, 4.2.2 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Information Exposure Through an Error Message during a connection failure. This issue occurs specifically when running in development mode with the mysqli
database driver. An attacker can access sensitive database credentials by exploiting the error messages displayed.
CVSS Scores
version 3.1