Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/145303?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/145303?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-rc3", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "4.0.0-rc3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "5.3.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340877?format=api", "vulnerability_id": "VCID-25r7-spjd-qufz", "summary": "silverstripe/framework uploaded PHP script execution in assets", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-012-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-012-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/5b7eca2b6327556e2d5ad31bb00511b187e5992a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/5b7eca2b6327556e2d5ad31bb00511b187e5992a" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-012" }, { "reference_url": "https://github.com/advisories/GHSA-f43j-8hq4-2xj9", "reference_id": "GHSA-f43j-8hq4-2xj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f43j-8hq4-2xj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81486?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81488?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-f43j-8hq4-2xj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25r7-spjd-qufz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340873?format=api", "vulnerability_id": "VCID-2e1q-fc4b-mydq", "summary": "silverstripe/framework Privilege Escalation Risk in Member Edit form", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-xpff-c35g-j3cr", "reference_id": "GHSA-xpff-c35g-j3cr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpff-c35g-j3cr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81486?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81488?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-xpff-c35g-j3cr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e1q-fc4b-mydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340872?format=api", "vulnerability_id": "VCID-2p3r-ff36-aqfm", "summary": "silverstripe/framework's URL parameters `isDev` and `isTest` unguarded", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-005-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-005-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/d935140a9528a3a42323b51d84fb2bcd3da065a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/d935140a9528a3a42323b51d84fb2bcd3da065a7" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-005" }, { "reference_url": "https://github.com/advisories/GHSA-55qg-6c4m-mw6g", "reference_id": "GHSA-55qg-6c4m-mw6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-55qg-6c4m-mw6g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81486?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81488?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-55qg-6c4m-mw6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p3r-ff36-aqfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202068?format=api", "vulnerability_id": "VCID-2uck-cp19-v3e9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55469", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml", "reference_id": "CVE-2022-37421.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf", "reference_id": "GHSA-pp74-g2q5-j4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572980?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3" } ], "aliases": [ "CVE-2022-37421", "GHSA-pp74-g2q5-j4jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uck-cp19-v3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137842?format=api", "vulnerability_id": "VCID-4mg2-rjsn-qyfx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "CVE-2019-12203.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347348?format=api", "vulnerability_id": "VCID-4qq2-bbj1-8fdb", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qq2-bbj1-8fdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14861?format=api", "vulnerability_id": "VCID-5ccd-zu9e-yfgp", "summary": "Business Logic Errors in GitHub repository silverstripe/silverstripe-framework", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2" }, { "reference_url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227", "reference_id": "CVE-2022-0227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227" }, { "reference_url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8", "reference_id": "GHSA-32m2-9f76-4gv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59361?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1" } ], "aliases": [ "CVE-2022-0227", "GHSA-32m2-9f76-4gv8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ccd-zu9e-yfgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340882?format=api", "vulnerability_id": "VCID-6zn9-kt2q-s3bq", "summary": "silverstripe/framework has possible denial of service attack vector when flushing", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-019" }, { "reference_url": "https://github.com/advisories/GHSA-cwgq-83w5-8jfq", "reference_id": "GHSA-cwgq-83w5-8jfq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwgq-83w5-8jfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81500?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/81495?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/81497?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2" } ], "aliases": [ "GHSA-cwgq-83w5-8jfq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6zn9-kt2q-s3bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137865?format=api", "vulnerability_id": "VCID-7kmy-8ht6-8fcw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74368?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183572?format=api", "vulnerability_id": "VCID-8csb-m7rv-xyh2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57606", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml", "reference_id": "CVE-2021-41559.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w", "reference_id": "GHSA-9fmg-89fx-r33w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/549782?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78408?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" } ], "aliases": [ "CVE-2021-41559", "GHSA-9fmg-89fx-r33w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8csb-m7rv-xyh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137866?format=api", "vulnerability_id": "VCID-9vwe-uejx-c3c5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36012", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74359?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18178?format=api", "vulnerability_id": "VCID-adng-1x6w-2baj", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65165?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/65166?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adng-1x6w-2baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340875?format=api", "vulnerability_id": "VCID-c3aa-8je2-quek", "summary": "silverstripe/framework BackURL validation bypass with malformed URLs", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-008" }, { "reference_url": "https://github.com/advisories/GHSA-m5q3-mvcr-gc5m", "reference_id": "GHSA-m5q3-mvcr-gc5m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m5q3-mvcr-gc5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81486?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81488?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-m5q3-mvcr-gc5m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3aa-8je2-quek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159546?format=api", "vulnerability_id": "VCID-cskj-c9ur-47dj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44161", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cskj-c9ur-47dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270458?format=api", "vulnerability_id": "VCID-d1ap-2u1x-y7gg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.78068", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ap-2u1x-y7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254932?format=api", "vulnerability_id": "VCID-d6gt-9mst-dub4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77841", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "CVE-2024-32981.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82191?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6gt-9mst-dub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159547?format=api", "vulnerability_id": "VCID-djww-2v4e-qkb2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52834", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml", "reference_id": "CVE-2020-26138.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44", "reference_id": "GHSA-7mv4-4xpg-xq44", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76628?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-26138", "GHSA-7mv4-4xpg-xq44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djww-2v4e-qkb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347356?format=api", "vulnerability_id": "VCID-ewqs-8fqc-b3hk", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewqs-8fqc-b3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17483?format=api", "vulnerability_id": "VCID-gr5g-7tkc-2kfa", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17257", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63807?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr5g-7tkc-2kfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340871?format=api", "vulnerability_id": "VCID-hp6e-75gr-uuan", "summary": "silverstripe/framework SQL injection in full text search", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-008" }, { "reference_url": "https://github.com/advisories/GHSA-xx4r-5265-48j6", "reference_id": "GHSA-xx4r-5265-48j6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xx4r-5265-48j6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-xx4r-5265-48j6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hp6e-75gr-uuan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340870?format=api", "vulnerability_id": "VCID-hsfb-xx67-7qg6", "summary": "silverstripe/framework users inadvertently passing sensitive data to LoginAttempt", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-009" }, { "reference_url": "https://github.com/advisories/GHSA-ph62-fv59-vf9h", "reference_id": "GHSA-ph62-fv59-vf9h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ph62-fv59-vf9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-ph62-fv59-vf9h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsfb-xx67-7qg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340881?format=api", "vulnerability_id": "VCID-jxym-rkhj-yybr", "summary": "silverstripe/framework may disclose database credentials during connection failure", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-018", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-018" }, { "reference_url": "https://github.com/advisories/GHSA-m2hh-2m46-x6j5", "reference_id": "GHSA-m2hh-2m46-x6j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2hh-2m46-x6j5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81500?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/81495?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/81497?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2" } ], "aliases": [ "GHSA-m2hh-2m46-x6j5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxym-rkhj-yybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139230?format=api", "vulnerability_id": "VCID-k1aa-deyg-2kdg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57522", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s99v-qdmh-ebf8" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1aa-deyg-2kdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341099?format=api", "vulnerability_id": "VCID-k2xa-uwrr-ffez", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "GHSA-5359-pvf2-pw78", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82191?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2xa-uwrr-ffez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139231?format=api", "vulnerability_id": "VCID-k6ed-y2ud-wffu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56678", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "CVE-2019-14273.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s99v-qdmh-ebf8" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ed-y2ud-wffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340869?format=api", "vulnerability_id": "VCID-k8vz-xw7w-e3dg", "summary": "silverstripe/framework CSV Excel Macro Injection", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://github.com/advisories/GHSA-mqjc-x563-c9q8", "reference_id": "GHSA-mqjc-x563-c9q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqjc-x563-c9q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-mqjc-x563-c9q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8vz-xw7w-e3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265745?format=api", "vulnerability_id": "VCID-kcq9-5h99-abct", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05366", "scoring_system": "epss", "scoring_elements": "0.9023", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcq9-5h99-abct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138126?format=api", "vulnerability_id": "VCID-m2bw-tabk-qyd8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "CVE-2019-12617.YAML", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340883?format=api", "vulnerability_id": "VCID-mfzd-r5pm-q7es", "summary": "silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-020", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-020" }, { "reference_url": "https://github.com/advisories/GHSA-265q-222x-52m6", "reference_id": "GHSA-265q-222x-52m6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-265q-222x-52m6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81503?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/81501?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81502?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.3" } ], "aliases": [ "GHSA-265q-222x-52m6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfzd-r5pm-q7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14158?format=api", "vulnerability_id": "VCID-mvra-6wnv-xya1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59233", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150" }, { "reference_url": "https://github.com/advisories/GHSA-j66h-cc96-c32q", "reference_id": "GHSA-j66h-cc96-c32q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66h-cc96-c32q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/495335?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58206?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0" } ], "aliases": [ "CVE-2021-36150", "GHSA-j66h-cc96-c32q" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvra-6wnv-xya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17473?format=api", "vulnerability_id": "VCID-nzdu-xh5w-27g7", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63807?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzdu-xh5w-27g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340879?format=api", "vulnerability_id": "VCID-pmb3-k9w1-y7gm", "summary": "silverstripe/framework vulnerable to member disclosure in login form", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-010-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-010-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/5887201dd578a5b9779c33a182153d2ce973ab41", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/5887201dd578a5b9779c33a182153d2ce973ab41" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-010" }, { "reference_url": "https://github.com/advisories/GHSA-crr3-h4m8-7f56", "reference_id": "GHSA-crr3-h4m8-7f56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crr3-h4m8-7f56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81486?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81488?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-crr3-h4m8-7f56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmb3-k9w1-y7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159392?format=api", "vulnerability_id": "VCID-qrhh-c86j-rqe6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57604", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817", "reference_id": "CVE-2020-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817", "reference_id": "CVE-2021-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817" }, { "reference_url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8", "reference_id": "GHSA-3vjc-5x79-m9r8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76628?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-25817", "GHSA-3vjc-5x79-m9r8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrhh-c86j-rqe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340874?format=api", "vulnerability_id": "VCID-s99v-qdmh-ebf8", "summary": "silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-010" }, { "reference_url": "https://github.com/advisories/GHSA-r3pr-fh25-wrfc", "reference_id": "GHSA-r3pr-fh25-wrfc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3pr-fh25-wrfc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-r3pr-fh25-wrfc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s99v-qdmh-ebf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19289?format=api", "vulnerability_id": "VCID-txyu-4qkf-r3cs", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nSilverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45409", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "CVE-2023-48714.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67386?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/67387?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txyu-4qkf-r3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137844?format=api", "vulnerability_id": "VCID-x6g5-a61e-3khu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292206?format=api", "vulnerability_id": "VCID-ywfx-pjg6-aqcj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45159", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193268?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywfx-pjg6-aqcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13696?format=api", "vulnerability_id": "VCID-yxg1-dz91-ckgs", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41992", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-ywfx-pjg6-aqcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-rc3" }