SS-2018-019: Possible denial of service attack vector when flushing
- Severity: Medium
- Identifier: SS-2018-019
- Versions Affected: silverstripe/framework:^4.0
- Versions Fixed: silverstripe/framework:4.0.5, silverstripe/framework:4.1.3, silverstripe/framework:4.2.2, silverstripe/framework:4.3.0
- Release Date: 2018-11-07
A possible denial of service attack vector has been identified in the dev/build system controller.
dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.
Reported by Michael Strong (SilverStripe Ltd)
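To see whether a project is still on an affected release, the version lists above can be compared against the project's composer.lock. The following is an added example, not code from the SilverStripe project; the sample lock file is constructed, and treating every stable 4.x release from 4.3.0 onward as fixed is an assumption drawn from the "Versions Fixed" list.

```python
import json
import re

# First fixed patch release on each 4.x branch, taken from the advisory above.
FIRST_FIXED = {0: 5, 1: 3, 2: 2, 3: 0}
STABLE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one version string."""
    m = STABLE.match(version.strip())
    if not m:
        # Branch aliases (4.2.x-dev) and pre-releases need a manual look.
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    if major != 4:
        return "not-listed"  # outside the ^4.0 range the advisory names
    if minor not in FIRST_FIXED:
        return "fixed"  # assumption: 4.4 and later descend from 4.3.0
    return "fixed" if patch >= FIRST_FIXED[minor] else "affected"


def check_lock(lock_text):
    """Scan composer.lock content; return (version, status) or None if absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == "silverstripe/framework":
                version = pkg.get("version", "")
                return version, classify(version)
    return None


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/config", "version": "1.0.4"},
        {"name": "silverstripe/framework", "version": "4.1.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of `unknown` means the locked version is a branch alias or pre-release and has to be checked by hand against the fixed releases.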