From 97638828c23a584bc6327ede463aa8b75d04f33c Mon Sep 17 00:00:00 2001
From: Steve Boyd
Date: Thu, 18 Jul 2024 15:56:33 +1200
Subject: [PATCH] Silverstripe advisories July 2024
---
silverstripe/framework/CVE-2024-32981.yaml | 8 ++++++++
silverstripe/framework/SS-2024-001.yaml | 8 ++++++++
silverstripe/reports/CVE-2024-29885.yaml | 8 ++++++++
3 files changed, 24 insertions(+)
create mode 100644 silverstripe/framework/CVE-2024-32981.yaml
create mode 100644 silverstripe/framework/SS-2024-001.yaml
create mode 100644 silverstripe/reports/CVE-2024-29885.yaml
diff --git a/silverstripe/framework/CVE-2024-32981.yaml b/silverstripe/framework/CVE-2024-32981.yaml
new file mode 100644
index 000000000..c8ca536df
--- /dev/null
+++ b/silverstripe/framework/CVE-2024-32981.yaml
@@ -0,0 +1,8 @@
+title: "CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-32981
+cve: CVE-2024-32981
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['>=5.0.0', '<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-001.yaml b/silverstripe/framework/SS-2024-001.yaml
new file mode 100644
index 000000000..629b3f6af
--- /dev/null
+++ b/silverstripe/framework/SS-2024-001.yaml
@@ -0,0 +1,8 @@
+title: "SS-2024-001 - TinyMCE allows svg files linked in object tags"
+link: https://www.silverstripe.org/download/security-releases/ss-2024-001
+cve: ~
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['>=5.0.0', '<5.2.16']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/reports/CVE-2024-29885.yaml b/silverstripe/reports/CVE-2024-29885.yaml
new file mode 100644
index 000000000..b3f79d6b1
--- /dev/null
+++ b/silverstripe/reports/CVE-2024-29885.yaml
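Review bot: In silverstripe/framework/CVE-2024-32981.yaml the only branch is keyed `5.2.x`, yet its range `['>=5.0.0', '<5.2.16']` also spans every 5.0 and 5.1 release, and no entry covers earlier major lines. Audit tooling that consumes this file treats any version outside the listed ranges as unaffected, so a missing branch becomes a silent false negative. If the linked advisory lists 4.x as affected, that line needs its own branch entry (with `time: ~` if no fixed release exists); the diff alone does not show which is the case. A key such as `5.x` would also describe the existing range more accurately. The same applies to SS-2024-001.yaml in the next hunk and to silverstripe/reports/CVE-2024-29885.yaml.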
@@ -0,0 +1,8 @@
+title: "CVE-2024-29885 - Reports are still accessible even when canView is set to false"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-29885
+cve: CVE-2024-29885
+branches:
+ 5.2.x:
+ time: 2024-07-17 00:24:42
+ versions: ['>=5.0.0', '<5.2.3']
+reference: composer://silverstripe/reports
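Review bot: The `time: 2024-07-17 00:24:42` value in this reports entry matches, to the second, the one in both silverstripe/framework files, which is unlikely for fix commits in two separate packages. The field is meant to carry the UTC time the fix landed on that branch, so this looks like a shared publication timestamp copied across entries. Confirm it against the tag or merge commit of the fixed reports release, and do the same for the framework entries. The commit itself is dated in +1200, so it is also worth checking that the values were converted to UTC rather than taken from local time.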