Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.2.0-alpha0
Typecomposer
Namespacesilverstripe
Nameframework
Version3.2.0-alpha0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.23
Latest_non_vulnerable_version6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-8wbx-bvm9-jqcv
vulnerability_id VCID-8wbx-bvm9-jqcv
summary 
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.10-stable
purl pkg:composer/silverstripe/framework@3.4.10-stable
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wbx-bvm9-jqcv
1
url VCID-dx5f-g875-5bct
vulnerability_id VCID-dx5f-g875-5bct
summary 
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-j6ze-f76y-cqgy
26
vulnerability VCID-kak1-btjp-kqgz
27
vulnerability VCID-kdyk-rrrr-pufw
28
vulnerability VCID-krjm-ygks-wyct
29
vulnerability VCID-kvhv-9fj5-7kgk
30
vulnerability VCID-kw9p-5fbc-hudg
31
vulnerability VCID-kxa8-dmva-ayff
32
vulnerability VCID-p2kq-rkh6-ayeu
33
vulnerability VCID-pq29-qe7h-tkcp
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-tm1s-2m92-uyh9
37
vulnerability VCID-tzmx-hfk2-7ufr
38
vulnerability VCID-u49v-31sv-eqc3
39
vulnerability VCID-ya8k-c5s5-47gx
40
vulnerability VCID-yuer-yn1w-q3gw
41
vulnerability VCID-z7fk-zbvh-quew
42
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-014
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx5f-g875-5bct
2
url VCID-hgkh-tcdc-ufd5
vulnerability_id VCID-hgkh-tcdc-ufd5
summary 
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-j6ze-f76y-cqgy
26
vulnerability VCID-kak1-btjp-kqgz
27
vulnerability VCID-kdyk-rrrr-pufw
28
vulnerability VCID-krjm-ygks-wyct
29
vulnerability VCID-kvhv-9fj5-7kgk
30
vulnerability VCID-kw9p-5fbc-hudg
31
vulnerability VCID-kxa8-dmva-ayff
32
vulnerability VCID-p2kq-rkh6-ayeu
33
vulnerability VCID-pq29-qe7h-tkcp
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-tm1s-2m92-uyh9
37
vulnerability VCID-tzmx-hfk2-7ufr
38
vulnerability VCID-u49v-31sv-eqc3
39
vulnerability VCID-ya8k-c5s5-47gx
40
vulnerability VCID-yuer-yn1w-q3gw
41
vulnerability VCID-z7fk-zbvh-quew
42
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgkh-tcdc-ufd5
3
url VCID-k7bb-y315-4qb6
vulnerability_id VCID-k7bb-y315-4qb6
summary 
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-j6ze-f76y-cqgy
26
vulnerability VCID-kak1-btjp-kqgz
27
vulnerability VCID-kdyk-rrrr-pufw
28
vulnerability VCID-krjm-ygks-wyct
29
vulnerability VCID-kvhv-9fj5-7kgk
30
vulnerability VCID-kw9p-5fbc-hudg
31
vulnerability VCID-kxa8-dmva-ayff
32
vulnerability VCID-p2kq-rkh6-ayeu
33
vulnerability VCID-pq29-qe7h-tkcp
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-tm1s-2m92-uyh9
37
vulnerability VCID-tzmx-hfk2-7ufr
38
vulnerability VCID-u49v-31sv-eqc3
39
vulnerability VCID-ya8k-c5s5-47gx
40
vulnerability VCID-yuer-yn1w-q3gw
41
vulnerability VCID-z7fk-zbvh-quew
42
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-015
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7bb-y315-4qb6
4
url VCID-p52e-s67u-eya7
vulnerability_id VCID-p52e-s67u-eya7
summary 
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-j6ze-f76y-cqgy
26
vulnerability VCID-kak1-btjp-kqgz
27
vulnerability VCID-kdyk-rrrr-pufw
28
vulnerability VCID-krjm-ygks-wyct
29
vulnerability VCID-kvhv-9fj5-7kgk
30
vulnerability VCID-kw9p-5fbc-hudg
31
vulnerability VCID-kxa8-dmva-ayff
32
vulnerability VCID-p2kq-rkh6-ayeu
33
vulnerability VCID-pq29-qe7h-tkcp
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-tm1s-2m92-uyh9
37
vulnerability VCID-tzmx-hfk2-7ufr
38
vulnerability VCID-u49v-31sv-eqc3
39
vulnerability VCID-ya8k-c5s5-47gx
40
vulnerability VCID-yuer-yn1w-q3gw
41
vulnerability VCID-z7fk-zbvh-quew
42
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p52e-s67u-eya7
5
url VCID-wrnm-d19b-hqby
vulnerability_id VCID-wrnm-d19b-hqby
summary 
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-008/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cg3k-vmk4-5kdb
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-j6ze-f76y-cqgy
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-krjm-ygks-wyct
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-ya8k-c5s5-47gx
36
vulnerability VCID-yuer-yn1w-q3gw
37
vulnerability VCID-z7fk-zbvh-quew
38
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-j6ze-f76y-cqgy
26
vulnerability VCID-kak1-btjp-kqgz
27
vulnerability VCID-kdyk-rrrr-pufw
28
vulnerability VCID-krjm-ygks-wyct
29
vulnerability VCID-kvhv-9fj5-7kgk
30
vulnerability VCID-kw9p-5fbc-hudg
31
vulnerability VCID-kxa8-dmva-ayff
32
vulnerability VCID-p2kq-rkh6-ayeu
33
vulnerability VCID-pq29-qe7h-tkcp
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-tm1s-2m92-uyh9
37
vulnerability VCID-tzmx-hfk2-7ufr
38
vulnerability VCID-u49v-31sv-eqc3
39
vulnerability VCID-ya8k-c5s5-47gx
40
vulnerability VCID-yuer-yn1w-q3gw
41
vulnerability VCID-z7fk-zbvh-quew
42
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-eddc-w9wx-c3gq
14
vulnerability VCID-enkd-4y44-4ueq
15
vulnerability VCID-fpb7-5pwu-tyg5
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-pq29-qe7h-tkcp
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-tm1s-2m92-uyh9
24
vulnerability VCID-u49v-31sv-eqc3
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-008
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrnm-d19b-hqby
6
url VCID-z7fk-zbvh-quew
vulnerability_id VCID-z7fk-zbvh-quew
summary 
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-001/
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-j6ze-f76y-cqgy
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kdyk-rrrr-pufw
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-ya8k-c5s5-47gx
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
1
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-j6ze-f76y-cqgy
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kdyk-rrrr-pufw
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-ya8k-c5s5-47gx
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
2
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-eddc-w9wx-c3gq
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ete7-tupf-63c9
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-fyxa-vzeq-ubeq
24
vulnerability VCID-j6ze-f76y-cqgy
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kdyk-rrrr-pufw
27
vulnerability VCID-kvhv-9fj5-7kgk
28
vulnerability VCID-kw9p-5fbc-hudg
29
vulnerability VCID-kxa8-dmva-ayff
30
vulnerability VCID-p2kq-rkh6-ayeu
31
vulnerability VCID-pq29-qe7h-tkcp
32
vulnerability VCID-qm38-1cwk-b3hq
33
vulnerability VCID-tc2y-zrea-vyb2
34
vulnerability VCID-tm1s-2m92-uyh9
35
vulnerability VCID-tzmx-hfk2-7ufr
36
vulnerability VCID-u49v-31sv-eqc3
37
vulnerability VCID-ya8k-c5s5-47gx
38
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-016
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fk-zbvh-quew
7
url VCID-zxmh-xcvd-53fe
vulnerability_id VCID-zxmh-xcvd-53fe
summary 
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-010/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-j6ze-f76y-cqgy
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kdyk-rrrr-pufw
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-ya8k-c5s5-47gx
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
1
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-j6ze-f76y-cqgy
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kdyk-rrrr-pufw
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-ya8k-c5s5-47gx
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
2
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-bmqt-5ybj-kuf6
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-eddc-w9wx-c3gq
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ete7-tupf-63c9
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-fyxa-vzeq-ubeq
24
vulnerability VCID-j6ze-f76y-cqgy
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kdyk-rrrr-pufw
27
vulnerability VCID-kvhv-9fj5-7kgk
28
vulnerability VCID-kw9p-5fbc-hudg
29
vulnerability VCID-kxa8-dmva-ayff
30
vulnerability VCID-p2kq-rkh6-ayeu
31
vulnerability VCID-pq29-qe7h-tkcp
32
vulnerability VCID-qm38-1cwk-b3hq
33
vulnerability VCID-tc2y-zrea-vyb2
34
vulnerability VCID-tm1s-2m92-uyh9
35
vulnerability VCID-tzmx-hfk2-7ufr
36
vulnerability VCID-u49v-31sv-eqc3
37
vulnerability VCID-ya8k-c5s5-47gx
38
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-010
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxmh-xcvd-53fe
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-alpha0