High severity · NVD Advisory · Published Feb 19, 2020 · Updated Aug 4, 2024
CVE-2019-12437
Description
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/graphql (Packagist) | >= 2.0.0, < 2.0.5 | 2.0.5 |
| silverstripe/graphql (Packagist) | >= 3.1.0, < 3.1.2 | 3.1.2 |
Affected products (2)
- SilverStripe/SilverStripe (description)
References (9)
- github.com/advisories/GHSA-fx37-56v6-85q6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-12437 (ghsa, ADVISORY)
- forum.silverstripe.org/c/releases (mitre, x_refsource_MISC)
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml (ghsa, WEB)
- github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c (ghsa, WEB)
- github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff (ghsa, WEB)
- www.silverstripe.org/blog/tag/release (mitre, x_refsource_MISC)
- www.silverstripe.org/download/security-releases/ (mitre, x_refsource_CONFIRM)
- www.silverstripe.org/download/security-releases/cve-2019-12437 (ghsa, WEB)