First published: Tue Sep 24 2019(Updated: )
CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/assets | >=1.0.0<1.3.5>=1.4.0<1.4.4 | |
Silverstripe silverstripe | <=4.3.3 | |
composer/silverstripe/assets | >=1.4.0<1.4.4 | 1.4.4 |
composer/silverstripe/assets | >=1.0.0<1.3.5 | 1.3.5 |
composer/silverstripe/framework | >=4.4.0<4.4.4 | 4.4.4 |
composer/silverstripe/framework | >=4.0.0<4.3.6 | 4.3.6 |
composer/silverstripe/framework | >=3.7.0<3.7.4 | 3.7.4 |
composer/silverstripe/framework | <3.6.8 | 3.6.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12245 is an incorrect access control vulnerability in files uploaded to protected folders.
CVE-2019-12245 affects the following software: composer/silverstripe/assets versions 1.0.0 to 1.3.5, 1.4.0 to 1.4.4.
To fix CVE-2019-12245, update the composer/silverstripe/assets package to version 1.4.5 or higher.
Yes, there is a security release available for CVE-2019-12245. Please refer to the following link for more information: [silverstripe.org](https://www.silverstripe.org/download/security-releases/cve-2019-12245/).
The severity of CVE-2019-12245 is high.