CVE-2021-28661

Description

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.

Affected packages (2)

• Bitnami/silverstripe>= 3.0.0, < 3.4.1
• Packagist/silverstripe/graphql>= 3.0.0, < 3.5.2

CVSS scores

References (7)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-28661
• PATCHhttps://github.com/silverstripe/silverstripe-graphql
• WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
• WEBhttps://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
• WEBhttps://github.com/silverstripe/silverstripe-graphql/releases
• WEBhttps://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
• WEBhttps://www.silverstripe.org/download/security-releases/CVE-2021-28661