Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/405403?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/405403?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-rc2", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.2.0-rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361843?format=api", "vulnerability_id": "VCID-16sj-atxu-mfh3", "summary": "ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. 
Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31644?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { 
"vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/31643?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": 
"VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31642?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { 
"vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-010" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16sj-atxu-mfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/311416?format=api", "vulnerability_id": "VCID-1e21-x465-abgz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57669", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57801", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" }, { "reference_url": "https://github.com/advisories/GHSA-jgw2-f5mx-rg7h", "reference_id": "GHSA-jgw2-f5mx-rg7h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgw2-f5mx-rg7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/420598?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": 
"VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-ed23-mdzp-zqcs" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31679?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { 
"vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15753?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": 
"VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { 
"vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1e21-x465-abgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361796?format=api", "vulnerability_id": "VCID-1heu-12yv-fbaq", "summary": "Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, and the developer then disables the \"remember me\" function, any pre-existing cookies will continue to authenticate users.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, 
{ "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": 
"VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31640?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { 
"vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": 
"VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-014" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1heu-12yv-fbaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205034?format=api", "vulnerability_id": "VCID-3ftm-1ytk-77ee", "summary": "Broken access control on files", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56826", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56961", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56947", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": 
"https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "CVE-2019-14273.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/420598?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-ed23-mdzp-zqcs" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { 
"vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31679?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": 
"VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/15753?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { 
"vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ftm-1ytk-77ee" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/361800?format=api", "vulnerability_id": "VCID-3npf-1y4p-rye8", "summary": "XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": 
"VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { 
"vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31640?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": 
"VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { 
"vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-015" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3npf-1y4p-rye8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/290982?format=api", "vulnerability_id": "VCID-3p33-cbc6-vkgt", "summary": "", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5956", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59668", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5968", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" }, { "reference_url": "https://github.com/advisories/GHSA-j696-6m57-mcrv", "reference_id": "GHSA-j696-6m57-mcrv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j696-6m57-mcrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/417195?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/389484?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": 
"VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p33-cbc6-vkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44558?format=api", "vulnerability_id": 
"VCID-436b-s848-ske3", "summary": "Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81284", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81292", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81224", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "cve-2024-53277", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" }, { 
"reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377030?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/773611?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-436b-s848-ske3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149523?format=api", "vulnerability_id": "VCID-445u-qqe9-gbch", "summary": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. 
Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17464", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1748", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.173", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379495?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-445u-qqe9-gbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/294924?format=api", "vulnerability_id": "VCID-47ty-3bfn-1bdz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50253", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50388", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50406", "published_at": "2026-06-13T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388921?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31668?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { 
"vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/388922?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": 
"VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31669?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { 
"vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ty-3bfn-1bdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361794?format=api", "vulnerability_id": "VCID-6t4j-bhja-muge", "summary": "Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { 
"vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": 
"VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31640?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { 
"vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": 
"VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6t4j-bhja-muge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/326353?format=api", "vulnerability_id": "VCID-6u99-zfaw-h7ha", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44238", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44391", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4441", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/506086?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": 
"VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6u99-zfaw-h7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/338253?format=api", "vulnerability_id": "VCID-7aww-xedy-23b8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37838", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38015", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38041", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" }, { "reference_url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx", "reference_id": "GHSA-r7rh-g777-g5gx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31669?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" 
}, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2021-28661", "GHSA-r7rh-g777-g5gx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7aww-xedy-23b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361659?format=api", "vulnerability_id": "VCID-7d44-m46u-t3at", "summary": "Improper Input Validation\n`HtmlEditor` improper URL sanitisation.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31626?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, 
{ "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8c5f-re96-7fc9" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-8v22-tnuf-mfgp" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-dmff-xwf4-5fay" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-m6w2-j421-8ugh" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-nwa8-vmbd-tud9" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qq94-yshu-dfav" }, { "vulnerability": "VCID-qvre-9nm4-dffj" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-spm9-b5vw-zkhe" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tgq4-a6ka-c3dx" }, { "vulnerability": "VCID-ug4q-x6gy-j3dv" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": 
"VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" }, { "vulnerability": "VCID-zy6j-8d9x-wkaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/402224?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d44-m46u-t3at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361061?format=api", "vulnerability_id": "VCID-7us5-kn2v-pbc6", "summary": "Silverstripe Framework: Members with no password can be created and bypass custom login forms\nWhen a new `Member` record was created in the cms it was possible to set a blank password. 
If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password; however, if a custom authentication method is used it may allow a successful login with the empty password. Starting with this release, blank passwords are no longer allowed when members are created in the CMS. Programmatically created `Member` records, such as those used in unit tests, still allow blank passwords. You may have some `Member` records in your system already which have empty passwords. To detect these, you can loop over all `Member` records with `Member::get()` and pass each record into the method below. It might be sensible to create a [`BuildTask`](https://api.silverstripe.org/5/SilverStripe/Dev/BuildTask.html) for this purpose.\n ```php\n private function memberHasBlankPassword(Member $member): bool\n {\n // skip default admin as this is created programatically\n if ($member->isDefaultAdmin()) {\n return false;\n }\n // return true if a blank password is valid for this member\n $authenticator = new MemberAuthenticator();\n return $authenticator->checkPassword($member, '')->isValid();\n }\n ```\n Once you have identified the records with empty passwords, it's up to you how to handle this. The most sensible way to resolve this is probably to generate a new secure password for each of these members, mark it as immediately expired, and email each affected member (assuming they have a valid email address in the system).\n\nUsers would need to opt in to insecure behavior by using a configuration which allowed for empty passwords. 
These configurations are not expected and hence this advisory is primarily informational in nature.\n\nReported by: [Sabina Talipova](https://www.silverstripe.com/about-us/team/?member=sabina-talipova) from Silverstripe and [Christian Bünte](https://github.com/bimthebam)", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": 
"https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381371?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/381372?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7us5-kn2v-pbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310438?format=api", "vulnerability_id": "VCID-8j7g-u2z1-1ycb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59851", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59742", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59862", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205/", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [], "url": 
"https://www.silverstripe.org/download/security-releases/cve-2019-12205/" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/15753?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { 
"vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8j7g-u2z1-1ycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149723?format=api", "vulnerability_id": "VCID-9man-5bj8-e7fm", "summary": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. 
Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42339", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42524", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42502", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": 
"https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" 
}, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379495?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9man-5bj8-e7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361801?format=api", "vulnerability_id": "VCID-ar2g-6kqd-vqc1", "summary": "Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". 
If the currently logged-in member's first name or surname contains XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { 
"vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": 
"VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31640?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { 
"vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": 
"VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ar2g-6kqd-vqc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310447?format=api", "vulnerability_id": "VCID-cma7-m5y5-juhw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36082", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36261", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36284", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" }, { "reference_url": "https://github.com/advisories/GHSA-5fr8-xhqq-4p3q", "reference_id": "GHSA-5fr8-xhqq-4p3q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fr8-xhqq-4p3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": 
"VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/15754?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { 
"vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cma7-m5y5-juhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211936?format=api", "vulnerability_id": "VCID-d8ay-s3tb-7qgy", "summary": "Silverstripe HtmlEditor embed url sanitisation", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027" }, { "reference_url": "https://github.com/advisories/GHSA-qp29-wcc2-vmpc", "reference_id": "GHSA-qp29-wcc2-vmpc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qp29-wcc2-vmpc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31626?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8c5f-re96-7fc9" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-8v22-tnuf-mfgp" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": 
"VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-dmff-xwf4-5fay" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-m6w2-j421-8ugh" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-nwa8-vmbd-tud9" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qq94-yshu-dfav" }, { "vulnerability": "VCID-qvre-9nm4-dffj" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-spm9-b5vw-zkhe" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tgq4-a6ka-c3dx" }, { "vulnerability": "VCID-ug4q-x6gy-j3dv" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" }, { "vulnerability": "VCID-zy6j-8d9x-wkaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" } ], "aliases": [ "GHSA-qp29-wcc2-vmpc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8ay-s3tb-7qgy" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/361753?format=api", "vulnerability_id": "VCID-dmff-xwf4-5fay", "summary": "CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-029", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31659?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { 
"vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31637?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": 
"VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": 
"VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31663?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { 
"vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31633?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": 
"VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qg6a-cawf-6qgp" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2015-029" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmff-xwf4-5fay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207680?format=api", "vulnerability_id": "VCID-f2eh-56eb-pydf", "summary": "Business Logic Errors in SilverStripe Framework", "references": [ { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2" }, { "reference_url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227", "reference_id": "CVE-2022-0227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227" }, { "reference_url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8", "reference_id": "GHSA-32m2-9f76-4gv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8" } 
], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18941?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1" } ], "aliases": [ "CVE-2022-0227", "GHSA-32m2-9f76-4gv8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2eh-56eb-pydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361842?format=api", "vulnerability_id": "VCID-fgbz-nak8-r3ba", "summary": "XSS In CMSSecurity BackURL\nAs a follow-up to SS-2016-001, there is still a minor unresolved fix for an incorrectly encoded URL.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://www.silverstripe.org/download/security-releases/ss-2016-016/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31644?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/31643?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31642?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgbz-nak8-r3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204246?format=api", "vulnerability_id": "VCID-g6a1-jazp-mufn", "summary": "Session fixation in change password form", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17167", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17345", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17329", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "CVE-2019-12203.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15763?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/15761?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { 
"vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": 
"VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/15753?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6a1-jazp-mufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/292636?format=api", "vulnerability_id": "VCID-gcht-uaeq-nkc9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.438", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43955", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43974", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://github.com/advisories/GHSA-2jvj-mhf2-g99w", "reference_id": "GHSA-2jvj-mhf2-g99w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2jvj-mhf2-g99w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/420594?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { 
"vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31673?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/420597?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31675?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/420598?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" 
}, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-ed23-mdzp-zqcs" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31679?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-55up-67gu-n7hk" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-6yfj-bqk6-tbbm" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-frp8-zzqn-27ej" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gjrp-er99-rbed" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-sdny-sn1z-z7c4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tcrk-kjpn-zkd9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-v8cg-45wc-vqe2" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": 3.1, "exploitability": "0.5", 
"weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcht-uaeq-nkc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341292?format=api", "vulnerability_id": "VCID-gr26-gwtr-eqa1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59375", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59484", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59496", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150" }, { "reference_url": "https://github.com/advisories/GHSA-j66h-cc96-c32q", "reference_id": "GHSA-j66h-cc96-c32q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66h-cc96-c32q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518159?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": 
"VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/391762?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0" } ], "aliases": [ "CVE-2021-36150", "GHSA-j66h-cc96-c32q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr26-gwtr-eqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313756?format=api", "vulnerability_id": "VCID-hmxb-equc-1bau", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43448", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43604", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43623", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326" }, { "reference_url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m", "reference_id": "GHSA-q9ff-3q93-fm8m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/385385?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/385152?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": 
"VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/385153?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2019-19326", "GHSA-q9ff-3q93-fm8m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmxb-equc-1bau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146433?format=api", "vulnerability_id": 
"VCID-jbrw-8yw5-u7ay", "summary": "Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45663", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45654", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45506", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": 
"4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "CVE-2023-48714.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/28527?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/28526?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbrw-8yw5-u7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212192?format=api", "vulnerability_id": "VCID-kjha-tu3x-pkae", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "5.4", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "GHSA-5359-pvf2-pw78", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32674?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjha-tu3x-pkae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361999?format=api", "vulnerability_id": "VCID-kkpx-3pyp-zkc3", "summary": "XSS In page 
name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388921?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { 
"vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388922?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": 
"VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkpx-3pyp-zkc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361751?format=api", "vulnerability_id": "VCID-m6w2-j421-8ugh", "summary": "XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. 
An attacker could create a URL and share it with a site administrator to perform an attack.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31659?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { 
"vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31637?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": 
"VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31663?format=api", "purl": 
"pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { 
"vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31633?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": 
"VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qg6a-cawf-6qgp" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-004" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6w2-j421-8ugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360569?format=api", "vulnerability_id": "VCID-mwy1-dxrm-5qes", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. 
If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": 
"https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377030?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/773611?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwy1-dxrm-5qes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361749?format=api", "vulnerability_id": "VCID-nwa8-vmbd-tud9", "summary": "Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. 
Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31659?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": 
"VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31637?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { 
"vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31663?format=api", "purl": 
"pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { 
"vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31633?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": 
"VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qg6a-cawf-6qgp" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-005" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwa8-vmbd-tud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/290313?format=api", "vulnerability_id": "VCID-pmed-zcng-eqa7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60616", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60721", "published_at": "2026-06-12T12:55:00Z" }, 
{ "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60731", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf", "reference_id": "GHSA-fwhr-g5r4-xgxf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/417971?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { 
"vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31677?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": 
"VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/417195?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { 
"vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/389484?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12ju-ufg2-kkfy" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-5n9u-ktxq-4ffq" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-84zx-d8vf-8khm" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8rc6-pj1w-gydx" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": 
"VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-meba-n1px-8bc1" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vaw1-v4hd-3qe1" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmed-zcng-eqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211954?format=api", "vulnerability_id": "VCID-q3ej-614f-t7fz", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-016" }, { "reference_url": "https://github.com/advisories/GHSA-r85g-7jpv-8xrx", "reference_id": "GHSA-r85g-7jpv-8xrx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r85g-7jpv-8xrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31644?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { 
"vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/31643?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": 
"VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31642?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { 
"vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "GHSA-r85g-7jpv-8xrx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3ej-614f-t7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167867?format=api", "vulnerability_id": "VCID-q5tn-heja-1uen", "summary": "Silverstripe silverstripe/cms through 4.11.0 allows XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55617", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55753", "published_at": "2026-06-13T12:55:00Z" }, { 
"value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55737", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421" }, { "reference_url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml", "reference_id": "CVE-2022-37421.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf", "reference_id": "GHSA-pp74-g2q5-j4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "release", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.4", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/597956?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3" } ], "aliases": [ "CVE-2022-37421", "GHSA-pp74-g2q5-j4jf", "GMS-2022-6855" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5tn-heja-1uen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90146?format=api", "vulnerability_id": "VCID-qw2u-5zmm-ckac", "summary": "Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specially crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. 
The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45401", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45412", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45252", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "cve-2025-30148", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": 
"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376401?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw2u-5zmm-ckac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208604?format=api", "vulnerability_id": "VCID-rh6g-dz5w-h7a4", "summary": "FormField with square brackets in field name skips validation", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.53101", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52973", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.53117", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138", 
"reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml", "reference_id": "CVE-2020-26138.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44", "reference_id": "GHSA-7mv4-4xpg-xq44", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/506086?format=api", "purl": 
"pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19861?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": 
"VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-26138", "GHSA-7mv4-4xpg-xq44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh6g-dz5w-h7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361750?format=api", "vulnerability_id": "VCID-spm9-b5vw-zkhe", "summary": "XSS in CMSController BackURL\nAn XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31659?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": 
"VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/31637?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": 
"VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31663?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { 
"vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31633?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": 
"VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qg6a-cawf-6qgp" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spm9-b5vw-zkhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58159?format=api", "vulnerability_id": "VCID-su5y-y12y-y3b9", "summary": "silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91729", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91766", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91757", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "cve-2024-47605", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377030?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/773611?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-su5y-y12y-y3b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/310547?format=api", "vulnerability_id": "VCID-tbhq-fnaq-gubs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42069", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42233", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42255", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" }, { "reference_url": "https://github.com/advisories/GHSA-fx37-56v6-85q6", "reference_id": "GHSA-fx37-56v6-85q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx37-56v6-85q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhq-fnaq-gubs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/316750?format=api", "vulnerability_id": "VCID-uk5a-ha6p-vkbq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55671", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55791", "published_at": "2026-06-12T12:55:00Z" }, { 
"value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55806", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" }, { "reference_url": "https://github.com/advisories/GHSA-wvfw-w3x6-g526", "reference_id": "GHSA-wvfw-w3x6-g526", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wvfw-w3x6-g526" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385956?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": 
"VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/385958?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { 
"vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/385957?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/385959?format=api", "purl": 
"pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-4rj3-yt7y-rfcs" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/385960?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-4rj3-yt7y-rfcs" }, { "vulnerability": 
"VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/385961?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-4rj3-yt7y-rfcs" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { 
"vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-ha6p-vkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210435?format=api", "vulnerability_id": "VCID-uyuz-1bws-rkht", "summary": "SilverStripe XXE Vulnerability in CSSContentParser", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57751", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": 
"epss", "scoring_elements": "0.57879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817", "reference_id": "CVE-2020-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817", "reference_id": "CVE-2021-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817" }, { "reference_url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8", "reference_id": "GHSA-3vjc-5x79-m9r8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/506086?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19861?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": 
"VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-25817", "GHSA-3vjc-5x79-m9r8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuz-1bws-rkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210935?format=api", "vulnerability_id": "VCID-vkxb-qh8t-63f2", "summary": "Quadratic blowup in Convert::xml2array()", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57752", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5788", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml", "reference_id": "CVE-2021-41559.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w", "reference_id": "GHSA-9fmg-89fx-r33w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25120?format=api", "purl": 
"pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/574589?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1" } ], "aliases": [ "CVE-2021-41559", "GHSA-9fmg-89fx-r33w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkxb-qh8t-63f2" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/331953?format=api", "vulnerability_id": "VCID-vnbm-fq6d-3uax", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5728", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57399", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57413", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311" }, { 
"reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311/", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311/" }, { "reference_url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x", "reference_id": "GHSA-2pw2-qpcp-m47x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385385?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": 
"VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" } ], "aliases": [ "CVE-2020-9311", "GHSA-2pw2-qpcp-m47x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnbm-fq6d-3uax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361798?format=api", "vulnerability_id": "VCID-vtqk-4b3k-vbd6", "summary": "Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, 
{ "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": 
"VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31640?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { 
"vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-bwmh-5pgt-r3g8" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x4mn-6wz2-5qdn" }, { "vulnerability": "VCID-y4kh-5j74-kbc7" }, { "vulnerability": "VCID-zs7c-hvg3-f3hs" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": 
"VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-008" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtqk-4b3k-vbd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204247?format=api", "vulnerability_id": "VCID-vx3f-ny91-1fff", "summary": "Lack of access control on uploaded files", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49246", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49109", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49264", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": 
"https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15763?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-me4v-9ws9-2ybz" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": 
"VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/15761?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", 
"purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/15766?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": 
"VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3f-ny91-1fff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204248?format=api", "vulnerability_id": "VCID-wntr-v8fx-3ycx", "summary": "SilverStripe Privilege escalation through cache pollution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54069", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54212", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54194", 
"published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "CVE-2019-12617.YAML", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/447307?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7rsm-671q-n3cx" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": 
"VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/15753?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15755?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": 
"VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-6eqf-7qyv-zuas" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-91ry-vq9d-pbgb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-9szg-7pyu-kqdx" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-ten7-3cpb-zkcs" }, { "vulnerability": "VCID-ug8p-6ny6-fkas" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-x5m3-hm2b-b3bc" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wntr-v8fx-3ycx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360577?format=api", "vulnerability_id": "VCID-wxzb-brfu-pugq", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377030?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzb-brfu-pugq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361797?format=api", "vulnerability_id": "VCID-xsaj-95an-yyeg", "summary": "ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. 
This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31660?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": 
"VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/31638?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { 
"vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/388682?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.10-stable", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable" }, { "url": "http://public2.vulnerablecode.io/api/packages/409055?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": 
"VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-011" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsaj-95an-yyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361660?format=api", "vulnerability_id": "VCID-yqm9-qm8x-3kga", "summary": "Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31626?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" 
}, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8c5f-re96-7fc9" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-8v22-tnuf-mfgp" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-dmff-xwf4-5fay" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-m6w2-j421-8ugh" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-nwa8-vmbd-tud9" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qq94-yshu-dfav" }, { "vulnerability": "VCID-qvre-9nm4-dffj" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-spm9-b5vw-zkhe" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tgq4-a6ka-c3dx" }, { "vulnerability": "VCID-ug4q-x6gy-j3dv" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" }, { 
"vulnerability": "VCID-zy6j-8d9x-wkaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/402224?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqm9-qm8x-3kga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361658?format=api", "vulnerability_id": "VCID-zgpw-3kt6-uqgv", "summary": "Cross-site Scripting\nForm field validation message XSS vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31626?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": 
"VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8c5f-re96-7fc9" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-8v22-tnuf-mfgp" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-dmff-xwf4-5fay" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-m6w2-j421-8ugh" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-nwa8-vmbd-tud9" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qq94-yshu-dfav" }, { "vulnerability": "VCID-qvre-9nm4-dffj" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-spm9-b5vw-zkhe" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-tgq4-a6ka-c3dx" }, { "vulnerability": "VCID-ug4q-x6gy-j3dv" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": 
"VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" }, { "vulnerability": "VCID-zy6j-8d9x-wkaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/402224?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpw-3kt6-uqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52954?format=api", "vulnerability_id": "VCID-zsfa-jtt7-7fhr", "summary": "Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specially crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. 
The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.78037", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.78024", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77956", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "cve-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "CVE-2024-32981.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32674?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-533n-8rjm-k7ct" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-wxzb-brfu-pugq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsfa-jtt7-7fhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361752?format=api", "vulnerability_id": "VCID-zy6j-8d9x-wkaz", "summary": "Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989" }, { "reference_url": "http://stackoverflow.com/a/15350123", "reference_id": "", "reference_type": "", "scores": [], "url": "http://stackoverflow.com/a/15350123" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31659?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": 
"VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31637?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { 
"vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": 
"VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31663?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-3vze-xxk7-gufq" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": "VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hktx-e17u-77bp" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { 
"vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zhws-tvy9-fyep" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31633?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16sj-atxu-mfh3" }, { "vulnerability": "VCID-1e21-x465-abgz" }, { "vulnerability": "VCID-1heu-12yv-fbaq" }, { "vulnerability": "VCID-3ftm-1ytk-77ee" }, { "vulnerability": "VCID-3npf-1y4p-rye8" }, { "vulnerability": "VCID-3p33-cbc6-vkgt" }, { "vulnerability": "VCID-436b-s848-ske3" }, { "vulnerability": "VCID-445u-qqe9-gbch" }, { "vulnerability": "VCID-47ty-3bfn-1bdz" }, { "vulnerability": "VCID-6t4j-bhja-muge" }, { "vulnerability": "VCID-6u99-zfaw-h7ha" }, { "vulnerability": "VCID-7aww-xedy-23b8" }, { "vulnerability": "VCID-7us5-kn2v-pbc6" }, { "vulnerability": "VCID-8j7g-u2z1-1ycb" }, { "vulnerability": "VCID-8s6r-7den-zbcc" }, { "vulnerability": "VCID-9man-5bj8-e7fm" }, { "vulnerability": "VCID-ar2g-6kqd-vqc1" }, { "vulnerability": 
"VCID-ch84-pusj-17gd" }, { "vulnerability": "VCID-cma7-m5y5-juhw" }, { "vulnerability": "VCID-e78h-yv8k-4qbs" }, { "vulnerability": "VCID-et9c-tk3x-3ucy" }, { "vulnerability": "VCID-f2eh-56eb-pydf" }, { "vulnerability": "VCID-fgbz-nak8-r3ba" }, { "vulnerability": "VCID-g6a1-jazp-mufn" }, { "vulnerability": "VCID-gb7n-wpb6-xfdq" }, { "vulnerability": "VCID-gcht-uaeq-nkc9" }, { "vulnerability": "VCID-gr26-gwtr-eqa1" }, { "vulnerability": "VCID-gv3v-n8wh-83c6" }, { "vulnerability": "VCID-hmxb-equc-1bau" }, { "vulnerability": "VCID-jbrw-8yw5-u7ay" }, { "vulnerability": "VCID-kjha-tu3x-pkae" }, { "vulnerability": "VCID-kkpx-3pyp-zkc3" }, { "vulnerability": "VCID-mqke-3sg4-x3bq" }, { "vulnerability": "VCID-mwy1-dxrm-5qes" }, { "vulnerability": "VCID-pmed-zcng-eqa7" }, { "vulnerability": "VCID-q3ej-614f-t7fz" }, { "vulnerability": "VCID-q5tn-heja-1uen" }, { "vulnerability": "VCID-qg6a-cawf-6qgp" }, { "vulnerability": "VCID-qw2u-5zmm-ckac" }, { "vulnerability": "VCID-rh6g-dz5w-h7a4" }, { "vulnerability": "VCID-su5y-y12y-y3b9" }, { "vulnerability": "VCID-tbhq-fnaq-gubs" }, { "vulnerability": "VCID-uk5a-ha6p-vkbq" }, { "vulnerability": "VCID-uyuz-1bws-rkht" }, { "vulnerability": "VCID-vkxb-qh8t-63f2" }, { "vulnerability": "VCID-vnbm-fq6d-3uax" }, { "vulnerability": "VCID-vtqk-4b3k-vbd6" }, { "vulnerability": "VCID-vx3f-ny91-1fff" }, { "vulnerability": "VCID-wntr-v8fx-3ycx" }, { "vulnerability": "VCID-wuns-qx3r-z7dk" }, { "vulnerability": "VCID-wxzb-brfu-pugq" }, { "vulnerability": "VCID-xsaj-95an-yyeg" }, { "vulnerability": "VCID-zsfa-jtt7-7fhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-006" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy6j-8d9x-wkaz" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-rc2" }