Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/199456?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "4.12.0-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56522?format=api", "vulnerability_id": "VCID-11sx-j3x7-gkcr", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11sx-j3x7-gkcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57120?format=api", "vulnerability_id": "VCID-2hk2-hzyh-wbhf", "summary": "Silverstripe Framework user enumeration via timing attack on login and password reset forms\nUser enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.\n\nThis was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { 
"reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11681", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11681" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2025-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2025-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "GHSA-256q-hx8w-xcqx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx" }, { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "GHSA-256q-hx8w-xcqx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84817?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "GHSA-256q-hx8w-xcqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hk2-hzyh-wbhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56456?format=api", "vulnerability_id": "VCID-5cfa-whq6-9ucp", "summary": "Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. 
There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.8117", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81173", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "CVE-2024-53277", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "CVE-2024-53277", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "CVE-2024-53277.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfa-whq6-9ucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57123?format=api", "vulnerability_id": "VCID-79qx-v5uu-jyf2", "summary": "Silverstripe Framework has a XSS vulnerability in HTML editor\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. 
The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45229", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45211", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45231", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "CVE-2025-30148", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "CVE-2025-30148", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "CVE-2025-30148.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84817?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79qx-v5uu-jyf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56468?format=api", "vulnerability_id": "VCID-86vg-4j71-hkgr", "summary": "Silverstripe Framework has a XSS via insert media remote file oembed\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. 
The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91696", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.917", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "CVE-2024-47605", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "CVE-2024-47605", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "CVE-2024-47605.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", 
"scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86vg-4j71-hkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56477?format=api", "vulnerability_id": "VCID-8u5c-6vx3-mfcr", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. 
If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5c-6vx3-mfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46874?format=api", "vulnerability_id": "VCID-9y5u-qyzd-3ud9", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nSilverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. 
Versions 4.13.39 and 5.1.11 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45462", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45482", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45478", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": 
"https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68579?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { 
"vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/68580?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45052?format=api", "vulnerability_id": "VCID-a7cf-kpzy-xudd", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. 
Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. Note: the fixed_packages entry in this record lists 4.12.5 rather than 4.12.15; check the linked advisory for the patched version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42323", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42307", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42334", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { 
"value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64977?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45758?format=api", "vulnerability_id": "VCID-gnpw-s9hp-wqfs", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. 
Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. Note: the release-tag reference and the fixed_packages entry in this record give 4.13.14 rather than 4.13.4 for the 4.x line; check the linked advisory for the patched version.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66345?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/66346?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55532?format=api", "vulnerability_id": "VCID-k46z-g6jp-57ek", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows SVG files containing JavaScript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching, the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. 
We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": 
[ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "GHSA-5359-pvf2-pw78", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82195?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], 
"aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k46z-g6jp-57ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55529?format=api", "vulnerability_id": "VCID-ky21-z2d2-sye6", "summary": "Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77907", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77917", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { 
"reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "CVE-2024-32981.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82195?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky21-z2d2-sye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45062?format=api", "vulnerability_id": "VCID-zdge-zsmz-8ud9", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. 
Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. Note: the fixed_packages entry in this record lists 4.12.5 rather than 4.12.15; check the linked advisory for the patched version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17315", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17279", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17318", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1724", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64977?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37828?format=api", "vulnerability_id": "VCID-3snr-vtda-jqdj", "summary": "Cross-site Scripting\nXSS In rewritten hash links.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52217?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, 
{ "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": 
"VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/200782?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { 
"vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" 
}, { "url": "http://public2.vulnerablecode.io/api/packages/51943?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { 
"vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": 
"VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-009-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37943?format=api", "vulnerability_id": "VCID-4n9x-x4kd-jyfu", "summary": "XSS vulnerability in form field validation\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52403?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": 
"VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": 
"VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/201700?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { 
"vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52397?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": 
"VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { 
"vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9x-x4kd-jyfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52270?format=api", "vulnerability_id": "VCID-5dt7-nc8t-nqgh", "summary": "Cross-site Scripting\nSilverStripe allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar `FormField` attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). 
This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58436", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5838", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19325" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325", "reference_id": "CVE-2019-19325", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325", "reference_id": "CVE-2019-19325", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/", "reference_id": "CVE-2019-19325", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325/" }, { "reference_url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2", "reference_id": "GHSA-qvrv-2x7x-78x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvrv-2x7x-78x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76708?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { 
"vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/249187?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": 
"VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76709?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { 
"vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "CVE-2019-19325", "GHSA-qvrv-2x7x-78x2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dt7-nc8t-nqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37806?format=api", "vulnerability_id": "VCID-8jxx-tgck-fuf1", "summary": "Cross-site Scripting\nXSS In GridField print.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52151?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3snr-vtda-jqdj" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { 
"vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-7j9y-p9s4-y7bg" }, { "vulnerability": "VCID-7u7w-z8e3-aygf" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-8xwp-xd3k-fqaz" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-cscn-9erz-dfh1" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-kgf1-m5hq-1yay" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": 
"VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-006-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jxx-tgck-fuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37802?format=api", "vulnerability_id": "VCID-8wmb-64qq-7uh2", "summary": "Cross-site Scripting\nXSS In FormAction.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52151?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3snr-vtda-jqdj" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-7j9y-p9s4-y7bg" }, { "vulnerability": "VCID-7u7w-z8e3-aygf" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-8xwp-xd3k-fqaz" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { 
"vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-cscn-9erz-dfh1" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-kgf1-m5hq-1yay" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": 
"VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-007-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wmb-64qq-7uh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37827?format=api", "vulnerability_id": "VCID-8xwp-xd3k-fqaz", "summary": "IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.", "references": [ { "reference_url": 
"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52217?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { 
"vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/200782?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": 
"VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": 
"VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51943?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { 
"vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": 
"VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-015-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37941?format=api", "vulnerability_id": "VCID-h4k6-fruf-uqff", "summary": "Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. 
The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52397?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": 
"VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4k6-fruf-uqff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38031?format=api", "vulnerability_id": "VCID-hnhv-qx7p-wqcw", "summary": "Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in `GridFieldAddExistingAutocompleter`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52530?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { 
"vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/201700?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": 
"VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/52531?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3svb-wudn-aybz" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": 
"VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-002-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhv-qx7p-wqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37826?format=api", "vulnerability_id": "VCID-kgf1-m5hq-1yay", "summary": "Cross-site Scripting\nXSS in `Director::force_redirect()`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51943?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { 
"vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-010-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf1-m5hq-1yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37939?format=api", "vulnerability_id": "VCID-nu3h-nb1g-67bs", "summary": "Improper Input Validation\n`HtmlEditor` improper URL sanitisation.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52397?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" 
}, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3h-nb1g-67bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37804?format=api", "vulnerability_id": "VCID-rmsa-pfr6-zkg3", "summary": "Cross-site Scripting\nTreeDropdownField and TreeMultiSelectField XSS.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52151?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": 
"VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3snr-vtda-jqdj" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-7j9y-p9s4-y7bg" }, { "vulnerability": "VCID-7u7w-z8e3-aygf" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-8xwp-xd3k-fqaz" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-cscn-9erz-dfh1" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-kgf1-m5hq-1yay" }, { "vulnerability": 
"VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { 
"vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-004-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmsa-pfr6-zkg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38030?format=api", "vulnerability_id": "VCID-rrmd-ud59-ffbp", "summary": "Improper Authentication\nMissing security check on `dev/build/defaults`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52530?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { 
"vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/201700?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": 
"VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": 
"VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52531?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3svb-wudn-aybz" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { 
"vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-028-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrmd-ud59-ffbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37735?format=api", "vulnerability_id": 
"VCID-u6za-xw77-8kgx", "summary": "Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51943?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5ztp-wmty-aybx" }, { "vulnerability": "VCID-78b6-1v3w-qfc3" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7bpb-cgj3-b7ay" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { 
"vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-puvt-j32v-77eh" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-ue4x-s1c4-zkcz" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-uyxp-7fh1-77cg" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-wmfv-vtnz-bkad" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-017-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6za-xw77-8kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37857?format=api", "vulnerability_id": "VCID-uyxp-7fh1-77cg", "summary": "Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52279?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { 
"vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": 
"VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/200782?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { 
"vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52280?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": 
"VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": 
"VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-014-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38032?format=api", "vulnerability_id": "VCID-vatm-1vbd-bfam", "summary": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52530?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": 
"VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/201700?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { 
"vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52531?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": 
"VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3svb-wudn-aybz" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": 
"VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-003-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vatm-1vbd-bfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37855?format=api", "vulnerability_id": "VCID-wmfv-vtnz-bkad", "summary": "Potential SQL Injection Vulnerability in silverstripe.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52279?format=api", "purl": "pkg:composer/silverstripe/framework@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": 
"VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/200782?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-96f5-5qyr-g7d5" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { 
"vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52280?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4h4a-xgrk-d7ec" }, { "vulnerability": "VCID-4n9x-x4kd-jyfu" }, { "vulnerability": "VCID-554z-dzgc-2fgz" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8m1h-utem-jud3" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b7xq-cz8w-ubgm" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": "VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h4k6-fruf-uqff" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nu3h-nb1g-67bs" }, { 
"vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sfyd-qn7r-eqdg" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-twrb-6j51-aqcy" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xsgv-a7bd-fqh8" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-yfuu-th6b-nba4" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zca8-91sf-qkb4" }, { "vulnerability": "VCID-zckr-zxq4-jyev" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-011-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37938?format=api", "vulnerability_id": "VCID-yfuu-th6b-nba4", "summary": "Cross-site Scripting\nForm field validation message XSS vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52397?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-1uhv-fetz-j7fd" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7ek4-6y31-1qcs" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9hf4-djcv-67d7" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-at1s-qxsg-5yfs" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c437-w2zy-y7c9" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-cqjc-tsv5-7beg" }, { "vulnerability": "VCID-ecy2-x3a9-qbbx" }, { "vulnerability": 
"VCID-evh4-xq48-4fa6" }, { "vulnerability": "VCID-ewg1-jqza-eyez" }, { "vulnerability": "VCID-ggbg-8mtc-hudc" }, { "vulnerability": "VCID-gkkp-9fm7-jfaz" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-heyh-s54f-8qap" }, { "vulnerability": "VCID-hnhv-qx7p-wqcw" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m5rs-qptc-vued" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-q939-fszs-wfdp" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qj5k-bcw3-5fgq" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-rrmd-ud59-ffbp" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-vatm-1vbd-bfam" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-z28b-1yrx-1bbn" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199456?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { 
"vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfuu-th6b-nba4" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" }