Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symbiote/silverstripe-versionedfiles@1.0.11
Typecomposer
Namespacesymbiote
Namesilverstripe-versionedfiles
Version1.0.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-m8w1-g9h9-vuce
vulnerability_id VCID-m8w1-g9h9-vuce
summary 
SilverStripe Versioned Files module Unpublished files are exposed publicly
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16409
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53191
published_at 2026-04-16T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53076
published_at 2026-04-01T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53096
published_at 2026-04-02T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.5312
published_at 2026-04-04T12:55:00Z
4
value 0.00298
scoring_system epss
scoring_elements 0.53088
published_at 2026-04-07T12:55:00Z
5
value 0.00298
scoring_system epss
scoring_elements 0.53139
published_at 2026-04-08T12:55:00Z
6
value 0.00298
scoring_system epss
scoring_elements 0.53133
published_at 2026-04-09T12:55:00Z
7
value 0.00298
scoring_system epss
scoring_elements 0.53183
published_at 2026-04-11T12:55:00Z
8
value 0.00298
scoring_system epss
scoring_elements 0.53168
published_at 2026-04-12T12:55:00Z
9
value 0.00298
scoring_system epss
scoring_elements 0.53151
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16409
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/symbiote/silverstripe-versionedfiles
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symbiote/silverstripe-versionedfiles
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16409
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16409
5
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-16409
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-16409
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:symbiote:versionedfiles:*:*:*:*:*:silverstripe:*:*
reference_id cpe:2.3:a:symbiote:versionedfiles:*:*:*:*:*:silverstripe:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:symbiote:versionedfiles:*:*:*:*:*:silverstripe:*:*
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-16409/
reference_id CVE-2019-16409
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-16409/
9
reference_url https://github.com/advisories/GHSA-xm6j-x342-gwq9
reference_id GHSA-xm6j-x342-gwq9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xm6j-x342-gwq9
fixed_packages
aliases CVE-2019-16409, GHSA-xm6j-x342-gwq9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8w1-g9h9-vuce
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symbiote/silverstripe-versionedfiles@1.0.11