Merge pull request #739 from creative-commoners/pulls/master/jan2025

Add CVE details for January 2025 Silverstripe CMS patches
FriendsOfPHP · Jan 23, 2025 · 034e882 · 034e882
2 parents 0386c23 + a44e21c
commit 034e882
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/silverstripe/framework/CVE-2024-47605.yaml b/silverstripe/framework/CVE-2024-47605.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-47605 - XSS via insert media remote file oembed"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-47605
+cve:       CVE-2024-47605
+branches:
+    5.3.x:
+        time:     2025-01-14 21:24:19
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/CVE-2024-53277.yaml b/silverstripe/framework/CVE-2024-53277.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-53277 - XSS in form messages"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-53277
+cve:       CVE-2024-53277
+branches:
+    5.3.x:
+        time:     2025-01-14 21:24:36
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-002.yaml b/silverstripe/framework/SS-2024-002.yaml
@@ -0,0 +1,8 @@
+title:     "SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message"
+link:      https://www.silverstripe.org/download/security-releases/ss-2024-002
+cve:       ~
+branches:
+    5.3.x:
+        time:     2025-01-14 21:23:51
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework