Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/150649?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "4.12.0-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17411?format=api", "vulnerability_id": "VCID-4f9c-aun4-wfep", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63955", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63938", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63903", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63911", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57348?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18553?format=api", "vulnerability_id": "VCID-5pkg-j4wg-7fcn", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59209?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/59210?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25920?format=api", "vulnerability_id": "VCID-6epx-c68d-d7bv", "summary": "Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-53277\n\n## Reported by\n\nLeo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77755", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.7775", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77827", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.778", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77801", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77781", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14328?format=api", "vulnerability_id": "VCID-86yd-4mkt-hydr", "summary": "Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter\n### Impact\nIf a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.\n\n**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)\n**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)\n\n### References\n- https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45281", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45359", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45323", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.454", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45371", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45422", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45417", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45367", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50544?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/50545?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25373?format=api", "vulnerability_id": "VCID-a3yc-fxa1-gfhy", "summary": "Silverstripe Framework has a XSS vulnerability in HTML editor\n### Impact\n\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.\n\n### Reported by\n\nJames Nicoll from Fujitsu Cyber\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2025-30148", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37948", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37901", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37914", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37929", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37893", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37832", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68612?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25895?format=api", "vulnerability_id": "VCID-axxx-gpfn-mqc9", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17786?format=api", "vulnerability_id": "VCID-kak1-btjp-kqgz", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags\n### Impact\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.\n\n### References:\n- https://www.silverstripe.org/download/security-releases/ss-2024-001\n- https://github.com/advisories/GHSA-5359-pvf2-pw78", "references": [ { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57580?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25884?format=api", "vulnerability_id": "VCID-kvhv-9fj5-7kgk", "summary": "Silverstripe Framework has a XSS via insert media remote file oembed\n### Impact\n\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-47605\n\n## Reported by\n\nJames Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88372", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88426", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.8841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88411", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88414", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88391", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.884", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25962?format=api", "vulnerability_id": "VCID-kw9p-5fbc-hudg", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25506?format=api", "vulnerability_id": "VCID-qjgf-hxng-j3g9", "summary": "Silverstripe Framework user enumeration via timing attack on login and password reset forms\n### Impact\nUser enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.\n\nThis was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/ss-2017-005\n- https://www.silverstripe.org/download/security-releases/ss-2025-001", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11681", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11681" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2025-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2025-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "GHSA-256q-hx8w-xcqx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68612?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "GHSA-256q-hx8w-xcqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjgf-hxng-j3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17395?format=api", "vulnerability_id": "VCID-qm38-1cwk-b3hq", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49599", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49576", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49592", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.4964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49638", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49608", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57348?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17627?format=api", "vulnerability_id": "VCID-yuer-yn1w-q3gw", "summary": "Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\n### Impact\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.\n\n### References\n- https://www.silverstripe.org/download/security-releases/cve-2024-32981", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77607", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77572", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77545", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77534", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77524", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77515", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57580?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7200?format=api", "vulnerability_id": "VCID-3pwx-7wzy-qbdw", "summary": "Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21252?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwx-7wzy-qbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7068?format=api", "vulnerability_id": "VCID-3yq9-432a-p7bq", "summary": "Cross-site Scripting\nXSS In GridField print.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20985?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-35rh-ebhv-k3ds" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j5hb-hw1t-nkh3" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvfs-x2wd-p3h3" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-nmmv-bdq9-dued" }, { "vulnerability": "VCID-nyz7-hhm1-yqat" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-r2k8-fccc-jfc2" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-006-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq9-432a-p7bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7305?format=api", "vulnerability_id": "VCID-5k79-mfyz-xqhu", "summary": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21703?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/152953?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21705?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-003-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5k79-mfyz-xqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=api", "vulnerability_id": "VCID-cq8a-jun5-q3hh", "summary": "Potential SQL Injection Vulnerability in silverstripe.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21116?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/152046?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21117?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-011-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cq8a-jun5-q3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7197?format=api", "vulnerability_id": "VCID-dq8q-6agw-g3d5", "summary": "Improper Input Validation\n`HtmlEditor` improper URL sanitisation.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21252?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dq8q-6agw-g3d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7064?format=api", "vulnerability_id": "VCID-f7pc-s4mk-r7br", "summary": "Cross-site Scripting\nXSS In FormAction.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20985?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-35rh-ebhv-k3ds" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j5hb-hw1t-nkh3" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvfs-x2wd-p3h3" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-nmmv-bdq9-dued" }, { "vulnerability": "VCID-nyz7-hhm1-yqat" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-r2k8-fccc-jfc2" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-007-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7pc-s4mk-r7br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7203?format=api", "vulnerability_id": "VCID-fff2-h9gn-9qhu", "summary": "XSS vulnerability in form field validation\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21275?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/152953?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21252?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fff2-h9gn-9qhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7114?format=api", "vulnerability_id": "VCID-gw2k-419z-t7h5", "summary": "Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21116?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/152046?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21117?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-014-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gw2k-419z-t7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7085?format=api", "vulnerability_id": "VCID-j5hb-hw1t-nkh3", "summary": "Cross-site Scripting\nXSS in `Director::force_redirect()`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20765?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-010-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hb-hw1t-nkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7086?format=api", "vulnerability_id": "VCID-kvfs-x2wd-p3h3", "summary": "IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21053?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/152046?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20765?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-015-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfs-x2wd-p3h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6995?format=api", "vulnerability_id": "VCID-mys2-zz4g-kygp", "summary": "Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20765?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-017-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mys2-zz4g-kygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7066?format=api", "vulnerability_id": "VCID-pvjn-ymze-1qbd", "summary": "Cross-site Scripting\nTreeDropdownField and TreeMultiSelectField XSS.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20985?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-35rh-ebhv-k3ds" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j5hb-hw1t-nkh3" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvfs-x2wd-p3h3" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-nmmv-bdq9-dued" }, { "vulnerability": "VCID-nyz7-hhm1-yqat" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-r2k8-fccc-jfc2" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-004-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjn-ymze-1qbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7087?format=api", "vulnerability_id": "VCID-r2k8-fccc-jfc2", "summary": "Cross-site Scripting\nXSS In rewritten hash links.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21053?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/152046?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zu16-xznb-s3c7" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20765?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-a9qn-hsax-uke7" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cc1b-b6sm-zbcw" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-cq8a-jun5-q3hh" }, { "vulnerability": "VCID-dg5e-tkef-buab" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-ehd6-y3gw-fufu" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fff2-h9gn-9qhu" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gw2k-419z-t7h5" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pg9r-huax-rqfv" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-sm51-m1g2-47dz" }, { "vulnerability": "VCID-sr5y-b8d8-3yd6" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u2yt-tvtw-f3d6" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-v4g3-knhd-wqa7" }, { "vulnerability": "VCID-w7x4-tung-wyae" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-yuu2-set7-fuet" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-009-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2k8-fccc-jfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7196?format=api", "vulnerability_id": "VCID-ur9h-h6mw-fbdh", "summary": "Cross-site Scripting\nForm field validation message XSS vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21252?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5k79-mfyz-xqhu" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eaqw-9k5p-pybr" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-te88-ws12-3bc8" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-ypfw-xhud-bbfs" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zr7a-tdxv-rqff" }, { "vulnerability": "VCID-zr8u-z3r4-cbct" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9h-h6mw-fbdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33340?format=api", "vulnerability_id": "VCID-xw77-b18v-8kc4", "summary": "Reflected XSS in SilverStripe\nSilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user&#39;s credentials or other sensitive user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58082", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58133", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58137", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58139", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58115", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.57999", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/", "reference_id": "CVE-2019-19325", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/" }, { "reference_url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2", "reference_id": "GHSA-qvrv-2x7x-78x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73130?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/200887?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73129?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "CVE-2019-19325", "GHSA-qvrv-2x7x-78x2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw77-b18v-8kc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7303?format=api", "vulnerability_id": "VCID-zr7a-tdxv-rqff", "summary": "Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in `GridFieldAddExistingAutocompleter`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21703?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/152953?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21705?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-002-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr7a-tdxv-rqff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7302?format=api", "vulnerability_id": "VCID-zr8u-z3r4-cbct", "summary": "Improper Authentication\n'Missing security check on `dev/build/defaults`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21703?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/152953?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3pwx-7wzy-qbdw" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dq8q-6agw-g3d5" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-t17w-gcwe-eue4" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ur9h-h6mw-fbdh" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21705?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6j2p-tzvx-9bdj" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dgn7-zmwr-u3c6" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tuwu-cznx-jqdb" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wazt-hn99-qkdk" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zgy5-8cgd-gqhm" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/150649?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-028-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr8u-z3r4-cbct" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" }