Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@4.2.0-rc1
Type composer
Namespace silverstripe
Name framework
Version 4.2.0-rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.3.23
Latest_non_vulnerable_version 6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-c75p-3hdz-q3b6
vulnerability_id VCID-c75p-3hdz-q3b6
summary
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
A potential SQL injection vulnerability was identified by using the silverstripe/postgresql database adapter. While unlikely to be exploitable, we have patched silverstripe/framework to ensure that table names are safely escaped before being passed to database adapters or user code.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-020
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-020
5
reference_url https://github.com/advisories/GHSA-265q-222x-52m6
reference_id GHSA-265q-222x-52m6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-265q-222x-52m6
fixed_packages
0
url pkg:composer/silverstripe/framework@4.2.3
purl pkg:composer/silverstripe/framework@4.2.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.3
aliases GHSA-265q-222x-52m6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c75p-3hdz-q3b6
1
url VCID-kxyq-vg6e-6uac
vulnerability_id VCID-kxyq-vg6e-6uac
summary
silverstripe/framework has possible denial of service attack vector when flushing
A possible denial of service attack vector has been identified in the dev/build system controller.

dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-019
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-019
6
reference_url https://github.com/advisories/GHSA-cwgq-83w5-8jfq
reference_id GHSA-cwgq-83w5-8jfq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwgq-83w5-8jfq
fixed_packages
0
url pkg:composer/silverstripe/framework@4.2.2
purl pkg:composer/silverstripe/framework@4.2.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2
aliases GHSA-cwgq-83w5-8jfq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxyq-vg6e-6uac
2
url VCID-qak9-2t7g-w3fv
vulnerability_id VCID-qak9-2t7g-w3fv
summary
silverstripe/framework may disclose database credentials during connection failure
When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details.

We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-018
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-018
6
reference_url https://github.com/advisories/GHSA-m2hh-2m46-x6j5
reference_id GHSA-m2hh-2m46-x6j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2hh-2m46-x6j5
fixed_packages
0
url pkg:composer/silverstripe/framework@4.2.2
purl pkg:composer/silverstripe/framework@4.2.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2
aliases GHSA-m2hh-2m46-x6j5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qak9-2t7g-w3fv
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.0-rc1