CVE-2019-19326

Description

SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.

How to fix CVE-2019-19326

To remediate CVE-2019-19326, upgrade the affected package to a fixed version below.

• Packagist/silverstripe/framework—upgrade to 4.4.7 or later

Is CVE-2019-19326 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 4.0.0, < 4.4.7

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-19326
• PATCHgithub.com/silverstripe/silverstripe-framework
• WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
• WEBgithub.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851