Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.5.7-rc1
Type composer
Namespace silverstripe
Name framework
Version 3.5.7-rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.3.23
Latest_non_vulnerable_version 6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-ff5q-59gf-nugg
vulnerability_id VCID-ff5q-59gf-nugg
summary
silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission `EDIT_PERMISSIONS` and access to the "Security" section is able to re-assign themselves (or another member) to `ADMIN` level.

CMS fields for the member are constructed using the `DirectGroups` relation instead of the `Groups` relation, which bypasses the security logic that prevents privilege escalation.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-001
5
reference_url https://github.com/advisories/GHSA-xpff-c35g-j3cr
reference_id GHSA-xpff-c35g-j3cr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpff-c35g-j3cr
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.8
purl pkg:composer/silverstripe/framework@3.5.8
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.8
1
url pkg:composer/silverstripe/framework@3.6.6
purl pkg:composer/silverstripe/framework@3.6.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.6
2
url pkg:composer/silverstripe/framework@4.0.4
purl pkg:composer/silverstripe/framework@4.0.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4
3
url pkg:composer/silverstripe/framework@4.1.1
purl pkg:composer/silverstripe/framework@4.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1
aliases GHSA-xpff-c35g-j3cr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ff5q-59gf-nugg
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.7-rc1