CVE-2019-12437 — Cross-Site Request Forgery in Graphql

Severity

8.8HIGHNVD

EPSS

0.2%

top 57.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 19

Latest updateMay 24

Description

In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶Packagistsilverstripe/graphql2.0.0 — 2.0.5+1

OSV

Silverstripe CSRF Protection Bypass via GraphQL↗2022-05-24

▶

GHSA

Silverstripe CSRF Protection Bypass via GraphQL↗2022-05-24

▶