The vulnerability stemmed from missing CSRF protection and missing HTTP method enforcement for mutations. The fix commit added CSRFMiddleware (which calls validate() on the submitted token) and HTTPMethodMiddleware (which enforces POST for mutations). In vulnerable versions, the Controller's index method processed requests without these checks, and the Manager's middleware stack lacked these protections. Because neither middleware sat in the request handling flow, the system accepted unauthorized mutations sent as GET requests, enabling CSRF attacks.
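The two checks the fix introduces, as an added framework-agnostic illustration (not silverstripe/graphql's own code): a small scanner classifies each top-level GraphQL definition, and a request check rejects any document containing a mutation unless it arrives over POST with a CSRF token that matches the session's. The `Request` class, the `X-CSRF-Token` header name and the sample documents are constructed for this example.

```python
import hmac
import re
from dataclasses import dataclass, field

# Keywords that may open a top-level GraphQL definition.
_KEYWORD = re.compile(r"(query|mutation|subscription|fragment)\b")


def operation_types(document: str) -> list[str]:
    """Return the kind of each top-level definition ('query', 'mutation', ...).

    Toy scanner: strips # comments and tracks brace depth; it does not handle
    string literals or object literals inside variable defaults.
    """
    src = re.sub(r"#[^\n]*", "", document)
    kinds, depth, pending, i = [], 0, False, 0
    while i < len(src):
        ch = src[i]
        if depth == 0 and not pending:
            m = _KEYWORD.match(src, i)
            if m:
                kinds.append(m.group(1))
                pending = True          # waiting for this definition's body
                i = m.end()
                continue
            if ch == "{":
                kinds.append("query")   # anonymous shorthand `{ ... }` is a query
        if ch == "{":
            depth += 1
            pending = False
        elif ch == "}":
            depth -= 1
        i += 1
    return kinds


@dataclass
class Request:                          # constructed stand-in for a framework request
    method: str
    document: str                       # GraphQL text; for GET it came from the query string
    headers: dict = field(default_factory=dict)


def check_request(req: Request, session_csrf_token: str) -> tuple[bool, str]:
    """Mutations must arrive via POST and carry a token matching the session's."""
    if "mutation" not in operation_types(req.document):
        return True, "read-only operation"
    if req.method != "POST":            # HTTP method enforcement (HTTPMethodMiddleware's role)
        return False, f"mutation over {req.method} rejected; POST required"
    token = req.headers.get("X-CSRF-Token", "")
    if not token or not hmac.compare_digest(token, session_csrf_token):  # CSRFMiddleware's role
        return False, "missing or invalid CSRF token"
    return True, "mutation accepted"
```

A GET carrying `mutation { deleteMember(id: 1) { id } }` is rejected before the token is even examined; the same document over POST is accepted only with a matching token.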
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/graphql | composer | >= 2.0.0, < 2.0.3 | 2.0.3 |