The vulnerability stems from improper URL validation in Director::is_absolute_url. The fix commit changes the regex from '/{2,}' to '(\|/){2,}' so that it detects both forward slashes and backslashes. Test cases added in DirectorTest.php verify the fix by checking various slash patterns. Because the function did not properly validate absolute URLs, attackers could craft malicious redirect URLs that bypassed security controls, leading to the open redirect vulnerability.
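
The following added example (not SilverStripe's code and not taken from the commit) compares the two patterns with what a WHATWG URL parser, as used by browsers and Node.js, does with the same redirect target. The `^\s*` anchoring, the reading of the new pattern as "backslash or forward slash", the `site.test` origin and the sample targets are assumptions constructed for illustration.

```javascript
// Added example, not SilverStripe code.
// Assumption: both patterns are anchored at the start, after optional whitespace.
const OLD_PATTERN = /^\s*\/{2,}/;       // '/{2,}': forward slashes only
const NEW_PATTERN = /^\s*(\\|\/){2,}/;  // backslash or forward slash, twice or more

const BASE = 'https://site.test/';      // hypothetical application origin

// Constructed redirect targets covering each slash combination.
const SAMPLES = [
  '/admin/pages',
  '//example.com/path',
  '/\\example.com/path',
  '\\\\example.com/path',
  '\\/example.com/path',
];

// True when a WHATWG URL parser resolves the target to a different origin.
// For http(s) URLs the parser treats "\" the same as "/".
function leavesOrigin(target) {
  return new URL(target, BASE).origin !== new URL(BASE).origin;
}

function classify(target) {
  return {
    target,
    oldFlags: OLD_PATTERN.test(target),
    newFlags: NEW_PATTERN.test(target),
    leavesOrigin: leavesOrigin(target),
  };
}

// Targets that leave the origin but that the given pattern treats as relative.
function missedBy(pattern) {
  return SAMPLES.filter((t) => leavesOrigin(t) && !pattern.test(t));
}

console.table(SAMPLES.map(classify));
console.log('missed by old pattern:', missedBy(OLD_PATTERN));
console.log('missed by new pattern:', missedBy(NEW_PATTERN));
```

Any row where `leavesOrigin` is true and the pattern does not flag the target is a redirect the validator would have accepted as relative.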
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | < 4.12.5 | 4.12.5 |