php · statamic/cms · Critical
statamic/cms: Incomplete fix for GHSA-4jjr-vmv7-wh4w allows sort parameter manipulation
What changed
In-memory collection sorting lacked protection, allowing manipulation of sort parameters to cause loss of content and assets.
Who it affects
Sites using statamic/cms versions before 5.73.23 or 6.20.0 that have front-end templates passing request input into a tag's sort parameter.
What to do today
Upgrade to statamic/cms 5.73.23 or 6.20.0 immediately.
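A triage check for the two conditions under "Who it affects", as an added example that is not code from Statamic or the advisory. The Antlers patterns it searches for, the sample inputs, and the reading of the version range are assumptions labelled in the comments.

```python
import json
import re

# Fixed releases named in the advisory above.
FIXED_5 = (5, 73, 23)
FIXED_6 = (6, 20, 0)

# Assumed Antlers idioms for request input reaching a tag's sort parameter,
# e.g. sort="{get:sort}" or :sort="get:order". Constructed for this example;
# extend for the template conventions your site actually uses.
REQUEST_SORT = re.compile(
    r"""(?<![\w-]):?sort\s*=\s*(["'])[^"']*\b(?:get|post|get_post):\w+[^"']*\1"""
)

def installed_version(lock_text):
    """Return the statamic/cms version recorded in composer.lock, or None."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "statamic/cms":
            return pkg.get("version")
    return None

def is_affected(version):
    """Assumption: 'before 5.73.23 or 6.20.0' means below the 5.x fix,
    or on the 6.x line below the 6.x fix."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(part) for part in m.groups())
    return v < FIXED_5 or (v[0] == 6 and v < FIXED_6)

def find_request_sort(template_text):
    """Return (line number, line) pairs where request input feeds sort."""
    return [(n, line.strip())
            for n, line in enumerate(template_text.splitlines(), 1)
            if REQUEST_SORT.search(line)]

# Constructed sample inputs, not taken from a real site.
SAMPLE_LOCK = '{"packages": [{"name": "statamic/cms", "version": "v6.19.2"}]}'
SAMPLE_TEMPLATE = """\
{{ collection:articles sort="date:desc" limit="10" }}
{{ collection:articles sort="{get:sort}" }}
{{ collection:articles :sort="get:order" }}
"""

if __name__ == "__main__":
    version = installed_version(SAMPLE_LOCK)
    print(version, "affected" if is_affected(version) else "fixed")
    for n, line in find_request_sort(SAMPLE_TEMPLATE):
        print(f"line {n}: {line}")
```

A template hit on a fixed version is not exposed to this issue, and a clean scan on an affected version does not replace the upgrade.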