Observable Discrepancy Affecting silverstripe/framework package, versions >=4.0.0, <5.3.23
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Observable Discrepancy vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PHP-SILVERSTRIPEFRAMEWORK-9686767
- published11 Apr 2025
- disclosed10 Apr 2025
- creditDaniel Hensby, Erez Yalon
Introduced: 10 Apr 2025
CVE NOT AVAILABLE CWE-200 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade silverstripe/framework to version 5.3.23 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Observable Discrepancy. An attacker can enumerate users by performing a timing attack on the login or password reset pages with user credentials.