GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability.

An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state.

**Package**

composer silverstripe/framework (Composer)

**Affected versions**

\>= 4.0.0, < 4.10.11

\>= 4.11.0, < 4.11.14

**Patched versions**

4.10.11

4.11.14

Headline

GHSA-rr8h-f97q-8p9c: Blind SQL Injection via GridFieldSortableHeader

ghsa: Latest News