Silverstripe advisories July 2024

FriendsOfPHP · Jul 21, 2024 · 744edf0 · 744edf0
1 parent 60a2fa9
commit 744edf0
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/silverstripe/framework/CVE-2024-32981.yaml b/silverstripe/framework/CVE-2024-32981.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-32981
+cve:       CVE-2024-32981
+branches:
+    5.2.x:
+        time:     2024-07-17 00:24:42
+        versions: ['<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-001.yaml b/silverstripe/framework/SS-2024-001.yaml
@@ -0,0 +1,8 @@
+title:     "SS-2024-001 - TinyMCE allows svg files linked in object tags"
+link:      https://www.silverstripe.org/download/security-releases/ss-2024-001
+cve:       ~
+branches:
+    5.2.x:
+        time:     2024-07-17 00:24:42
+        versions: ['<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/reports/CVE-2024-29885.yaml b/silverstripe/reports/CVE-2024-29885.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-29885 - Reports are still accessible even when canView is set to false"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-29885
+cve:       CVE-2024-29885
+branches:
+    5.2.x:
+        time:     2024-07-17 00:24:42
+        versions: ['<5.2.3']
+reference: composer://silverstripe/reports