Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/userforms@5.1.0
Typecomposer
Namespacesilverstripe
Nameuserforms
Version5.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.2
Latest_non_vulnerable_version5.4.2
Affected_by_vulnerabilities
0
url VCID-dc9y-v257-6bhf
vulnerability_id VCID-dc9y-v257-6bhf
summary 
SilverStripe Folders migrated from 3.x may be unsafe to upload to
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9280
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59783
published_at 2026-04-13T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59737
published_at 2026-04-02T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.59827
published_at 2026-04-18T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.5982
published_at 2026-04-16T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59801
published_at 2026-04-12T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59664
published_at 2026-04-01T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59762
published_at 2026-04-04T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59816
published_at 2026-04-11T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59797
published_at 2026-04-09T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59732
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9280
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml
3
reference_url https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc
4
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
5
reference_url https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9280
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9280
7
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
8
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9280
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9280
10
reference_url https://github.com/advisories/GHSA-592m-4533-rxq9
reference_id GHSA-592m-4533-rxq9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-592m-4533-rxq9
fixed_packages
0
url pkg:composer/silverstripe/userforms@5.4.2
purl pkg:composer/silverstripe/userforms@5.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/userforms@5.4.2
aliases CVE-2020-9280, GHSA-592m-4533-rxq9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc9y-v257-6bhf
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/userforms@5.1.0