Moderate severityNVD Advisory· Published Jul 15, 2020· Updated Aug 5, 2024
CVE-2019-19326
CVE-2019-19326
Description
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
silverstripe/frameworkPackagist | >= 4.0.0, < 4.4.7 | 4.4.7 |
silverstripe/frameworkPackagist | >= 4.5.0, < 4.5.4 | 4.5.4 |
silverstripe/frameworkPackagist | >= 3.0.0, < 3.7.5 | 3.7.5 |
Affected products
2- Silverstripe/CMSdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-q9ff-3q93-fm8mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-19326ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yamlghsaWEB
- github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851ghsaWEB
- github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509aghsaWEB
- github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556eghsaWEB
- www.silverstripe.org/download/security-releases/CVE-2019-19326ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.