Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/22303?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/22303?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0-alpha", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.3.0-alpha", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7385?format=api", "vulnerability_id": "VCID-6j2p-tzvx-9bdj", "summary": "Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989" }, { "reference_url": "http://stackoverflow.com/a/15350123", "reference_id": "", "reference_type": "", "scores": [], "url": "http://stackoverflow.com/a/15350123" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22320?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mh2-7nc4-pqg2" }, { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { 
"vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-edex-qc8j-xfhn" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-qnsx-aa52-fkhf" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": 
"VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22319?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4fez-w6cm-rkf5" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { 
"vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-006" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j2p-tzvx-9bdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7386?format=api", "vulnerability_id": "VCID-dgn7-zmwr-u3c6", "summary": "CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-029", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22320?format=api", "purl": 
"pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mh2-7nc4-pqg2" }, { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-edex-qc8j-xfhn" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { 
"vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-qnsx-aa52-fkhf" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22319?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4fez-w6cm-rkf5" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": 
"VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2015-029" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgn7-zmwr-u3c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7382?format=api", "vulnerability_id": "VCID-tuwu-cznx-jqdb", "summary": "XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. 
An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22320?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mh2-7nc4-pqg2" }, { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { 
"vulnerability": "VCID-edex-qc8j-xfhn" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-qnsx-aa52-fkhf" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22319?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4fez-w6cm-rkf5" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": 
"VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuwu-cznx-jqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7381?format=api", "vulnerability_id": "VCID-wazt-hn99-qkdk", "summary": "Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22320?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mh2-7nc4-pqg2" }, { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { 
"vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-edex-qc8j-xfhn" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-qnsx-aa52-fkhf" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" 
}, { "url": "http://public2.vulnerablecode.io/api/packages/22319?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4fez-w6cm-rkf5" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { 
"vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-005" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wazt-hn99-qkdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7384?format=api", "vulnerability_id": "VCID-zgy5-8cgd-gqhm", "summary": "XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. 
An attacker could create a URL and share it with a site administrator to perform an attack.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22320?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mh2-7nc4-pqg2" }, { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { 
"vulnerability": "VCID-edex-qc8j-xfhn" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-qnsx-aa52-fkhf" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22319?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4fez-w6cm-rkf5" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": 
"VCID-6yv4-xevb-v7b2" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-8am6-aeny-ffej" }, { "vulnerability": "VCID-8wbx-bvm9-jqcv" }, { "vulnerability": "VCID-8zj1-kn8e-kbbn" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ade4-h51n-3bap" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cg3k-vmk4-5kdb" }, { "vulnerability": "VCID-dx5f-g875-5bct" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-hgkh-tcdc-ufd5" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-k7bb-y315-4qb6" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kqk7-mdnd-hfc7" }, { "vulnerability": "VCID-krjm-ygks-wyct" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-nt4w-m7ak-4bbx" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p52e-s67u-eya7" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-vtva-utdn-jkce" }, { "vulnerability": "VCID-wrnm-d19b-hqby" }, { "vulnerability": "VCID-ya8k-c5s5-47gx" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" }, { "vulnerability": "VCID-z7fk-zbvh-quew" }, { "vulnerability": "VCID-zxmh-xcvd-53fe" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-004" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgy5-8cgd-gqhm" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-alpha" }