Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/50855?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/50855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.11", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.1.11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.8", "latest_non_vulnerable_version": "5.3.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340846?format=api", "vulnerability_id": "VCID-112b-xdzv-auf1", "summary": "Silverstripe HtmlEditor embed url sanitisation", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027" }, { "reference_url": "https://github.com/advisories/GHSA-qp29-wcc2-vmpc", "reference_id": "GHSA-qp29-wcc2-vmpc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qp29-wcc2-vmpc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" } ], "aliases": [ "GHSA-qp29-wcc2-vmpc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-112b-xdzv-auf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340834?format=api", "vulnerability_id": "VCID-16tg-w8mj-pqha", "summary": "SilverStripe framework XML Quadratic Blowup Attack", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack" }, { "reference_url": "https://github.com/advisories/GHSA-g43w-98wp-m694", "reference_id": "GHSA-g43w-98wp-m694", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g43w-98wp-m694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" } ], "aliases": [ "GHSA-g43w-98wp-m694" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16tg-w8mj-pqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10669?format=api", "vulnerability_id": "VCID-1dx3-s2f2-4yha", "summary": "Potential SQL Injection Vulnerability in silverstripe.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-011-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dx3-s2f2-4yha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340849?format=api", "vulnerability_id": "VCID-1yc7-8qd2-zfhm", "summary": "Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-003" }, { "reference_url": "https://github.com/advisories/GHSA-87pf-7x99-5xc4", "reference_id": "GHSA-87pf-7x99-5xc4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-87pf-7x99-5xc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/81457?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" } ], "aliases": [ "GHSA-87pf-7x99-5xc4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1yc7-8qd2-zfhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10728?format=api", "vulnerability_id": "VCID-2742-7a2u-wqaz", "summary": "Cross-site Scripting\nXSS in `dev/build` `returnURL` Parameter.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51302?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" } ], "aliases": [ "SS-2015-015-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2742-7a2u-wqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202068?format=api", "vulnerability_id": "VCID-2uck-cp19-v3e9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55469", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml", "reference_id": "CVE-2022-37421.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf", "reference_id": "GHSA-pp74-g2q5-j4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572980?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3" } ], "aliases": [ "CVE-2022-37421", "GHSA-pp74-g2q5-j4jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uck-cp19-v3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10847?format=api", "vulnerability_id": "VCID-333j-w32t-ufhn", "summary": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-003-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-333j-w32t-ufhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13529?format=api", "vulnerability_id": "VCID-3497-71mw-yqh8", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55522", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56783?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56784?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/56785?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56786?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/56787?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/56788?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3497-71mw-yqh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340840?format=api", "vulnerability_id": "VCID-3c7j-spyr-hke2", "summary": "Silverstripe X-Forwarded-Host request hostname injection", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-013-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-013-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/75137dbab28c0efd28b07e50044a50c5af4e46aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/75137dbab28c0efd28b07e50044a50c5af4e46aa" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-013" }, { "reference_url": "https://github.com/advisories/GHSA-25gq-jvx2-vg9x", "reference_id": "GHSA-25gq-jvx2-vg9x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25gq-jvx2-vg9x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" } ], "aliases": [ "GHSA-25gq-jvx2-vg9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3c7j-spyr-hke2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10644?format=api", "vulnerability_id": "VCID-4bb6-ft3g-pbd3", "summary": "Cross-site Scripting\nXSS In rewritten hash links.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-009-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bb6-ft3g-pbd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137842?format=api", "vulnerability_id": "VCID-4mg2-rjsn-qyfx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "CVE-2019-12203.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74365?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74364?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347348?format=api", "vulnerability_id": "VCID-4qq2-bbj1-8fdb", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qq2-bbj1-8fdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14861?format=api", "vulnerability_id": "VCID-5ccd-zu9e-yfgp", "summary": "Business Logic Errors in GitHub repository silverstripe/silverstripe-framework", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2" }, { "reference_url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227", "reference_id": "CVE-2022-0227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227" }, { "reference_url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8", "reference_id": "GHSA-32m2-9f76-4gv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59361?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1" } ], "aliases": [ "CVE-2022-0227", "GHSA-32m2-9f76-4gv8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ccd-zu9e-yfgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10642?format=api", "vulnerability_id": "VCID-5jsa-avf4-2ybm", "summary": "Cross-site Scripting\nXSS in `Director::force_redirect()`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-010-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jsa-avf4-2ybm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10919?format=api", "vulnerability_id": "VCID-6e1y-7jj8-a7cw", "summary": "XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51627?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51626?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-004" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6e1y-7jj8-a7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340860?format=api", "vulnerability_id": "VCID-6xct-esdm-m7a6", "summary": "silverstripe/framework's `Member.Name` is not escaped", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013" }, { "reference_url": "https://github.com/advisories/GHSA-r9vp-fp72-xgf7", "reference_id": "GHSA-r9vp-fp72-xgf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r9vp-fp72-xgf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-r9vp-fp72-xgf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xct-esdm-m7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340842?format=api", "vulnerability_id": "VCID-7hs4-z65a-wffu", "summary": "Silverstripe XSS in dev/build returnURL Parameter", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-015" }, { "reference_url": "https://github.com/advisories/GHSA-hq4p-5mpr-jj9m", "reference_id": "GHSA-hq4p-5mpr-jj9m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq4p-5mpr-jj9m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51302?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14" } ], "aliases": [ "GHSA-hq4p-5mpr-jj9m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hs4-z65a-wffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137865?format=api", "vulnerability_id": "VCID-7kmy-8ht6-8fcw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74365?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74364?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74368?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10920?format=api", "vulnerability_id": "VCID-7me4-ggep-sbhj", "summary": "Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989" }, { "reference_url": "http://stackoverflow.com/a/15350123", "reference_id": "", "reference_type": "", "scores": [], "url": "http://stackoverflow.com/a/15350123" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51627?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51626?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-006" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7me4-ggep-sbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11065?format=api", "vulnerability_id": "VCID-7uum-b28k-nqbm", "summary": "XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51945?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uum-b28k-nqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11000?format=api", "vulnerability_id": "VCID-7wzc-kyxs-wbc2", "summary": "ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51817?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.10-stable", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-011" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wzc-kyxs-wbc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14157?format=api", "vulnerability_id": "VCID-89jy-34ks-5kds", "summary": "Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37777", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" }, { "reference_url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx", "reference_id": "GHSA-r7rh-g777-g5gx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52287?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2021-28661", "GHSA-r7rh-g777-g5gx" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89jy-34ks-5kds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183572?format=api", "vulnerability_id": "VCID-8csb-m7rv-xyh2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57606", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559", "reference_id": "CVE-2021-41559", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml", "reference_id": "CVE-2021-41559.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w", "reference_id": "GHSA-9fmg-89fx-r33w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/549782?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78408?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" } ], "aliases": [ "CVE-2021-41559", "GHSA-9fmg-89fx-r33w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8csb-m7rv-xyh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11271?format=api", "vulnerability_id": "VCID-91wy-94bg-bfc3", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52220?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52221?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91wy-94bg-bfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340837?format=api", "vulnerability_id": "VCID-95vg-kyzg-pfbh", "summary": "Silverstripe XSS In rewritten hash links", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links" }, { "reference_url": "https://github.com/advisories/GHSA-34q6-xqxh-gq39", "reference_id": "GHSA-34q6-xqxh-gq39", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34q6-xqxh-gq39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" } ], "aliases": [ "GHSA-34q6-xqxh-gq39" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95vg-kyzg-pfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340848?format=api", "vulnerability_id": "VCID-9qx2-tr6c-sbby", "summary": "Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-002" }, { "reference_url": "https://github.com/advisories/GHSA-2hpc-mf4q-j885", "reference_id": "GHSA-2hpc-mf4q-j885", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2hpc-mf4q-j885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/81457?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" } ], "aliases": [ "GHSA-2hpc-mf4q-j885" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qx2-tr6c-sbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137866?format=api", "vulnerability_id": "VCID-9vwe-uejx-c3c5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36012", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74359?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10997?format=api", "vulnerability_id": "VCID-a95a-ygek-hfby", "summary": "Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a95a-ygek-hfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18178?format=api", "vulnerability_id": "VCID-adng-1x6w-2baj", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65165?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/65166?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adng-1x6w-2baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10726?format=api", "vulnerability_id": "VCID-b17s-mw1j-5bcp", "summary": "Cross-site Scripting\nXSS in `install.php`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-016/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51302?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" } ], "aliases": [ "SS-2015-016-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b17s-mw1j-5bcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11001?format=api", "vulnerability_id": "VCID-bexp-ws1g-1fdu", "summary": "Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-008" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bexp-ws1g-1fdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340854?format=api", "vulnerability_id": "VCID-c3wv-6zpv-zbfg", "summary": "silverstripe/framework ReadOnly transformation for formfields exploitable", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-010" }, { "reference_url": "https://github.com/advisories/GHSA-97jm-g33h-f46g", "reference_id": "GHSA-97jm-g33h-f46g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97jm-g33h-f46g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51945?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "GHSA-97jm-g33h-f46g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3wv-6zpv-zbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340839?format=api", "vulnerability_id": "VCID-chrp-jxha-hkhc", "summary": "Silverstripe XSS in Director::force_redirect()", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-010-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-010-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ee9bddb808df6d27db4d56bb5d522dcfe6788715", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ee9bddb808df6d27db4d56bb5d522dcfe6788715" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect" }, { "reference_url": "https://github.com/advisories/GHSA-jqp8-v74p-g8px", "reference_id": "GHSA-jqp8-v74p-g8px", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqp8-v74p-g8px" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" } ], "aliases": [ "GHSA-jqp8-v74p-g8px" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chrp-jxha-hkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159546?format=api", "vulnerability_id": "VCID-cskj-c9ur-47dj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44161", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cskj-c9ur-47dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270458?format=api", "vulnerability_id": "VCID-d1ap-2u1x-y7gg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.78068", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ap-2u1x-y7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10671?format=api", "vulnerability_id": "VCID-d5e5-2zb7-8kdb", "summary": "Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-014-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5e5-2zb7-8kdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254932?format=api", "vulnerability_id": "VCID-d6gt-9mst-dub4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77841", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "CVE-2024-32981.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82191?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-kcq9-5h99-abct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6gt-9mst-dub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11004?format=api", "vulnerability_id": "VCID-d9he-ahd2-xkde", "summary": "Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9he-ahd2-xkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159547?format=api", "vulnerability_id": "VCID-djww-2v4e-qkb2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52834", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml", "reference_id": "CVE-2020-26138.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44", "reference_id": "GHSA-7mv4-4xpg-xq44", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76628?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-26138", "GHSA-7mv4-4xpg-xq44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djww-2v4e-qkb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10756?format=api", "vulnerability_id": "VCID-empu-95n7-5qcq", "summary": "Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-empu-95n7-5qcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11303?format=api", "vulnerability_id": "VCID-eu6p-szkb-m7b1", "summary": "Cross-site Scripting\nThere is an XSS in SilverStripe CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "CVE-2017-5197", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52220?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52286?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52221?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52287?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eu6p-szkb-m7b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/347356?format=api", "vulnerability_id": "VCID-ewqs-8fqc-b3hk", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewqs-8fqc-b3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10758?format=api", "vulnerability_id": "VCID-farn-35ej-t7eg", "summary": "XSS vulnerability in form field validation\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.", "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51338?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-farn-35ej-t7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142395?format=api", "vulnerability_id": "VCID-fn6y-hytc-r3b5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43356", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326" }, { "reference_url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m", "reference_id": "GHSA-q9ff-3q93-fm8m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/214051?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/213927?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/213928?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2019-19326", "GHSA-q9ff-3q93-fm8m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fn6y-hytc-r3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10730?format=api", "vulnerability_id": "VCID-fygk-h8hh-x3c9", "summary": "Privilege Escalation\nA member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.", "references": [ { "reference_url": "http://www.silverstripe.org/software/download/security-releases/ss-2015-020/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/software/download/security-releases/ss-2015-020/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51302?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14" } ], "aliases": [ "SS-2015-020" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fygk-h8hh-x3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17483?format=api", "vulnerability_id": "VCID-gr5g-7tkc-2kfa", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17257", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63807?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr5g-7tkc-2kfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340833?format=api", "vulnerability_id": "VCID-gsp4-9v15-abdn", "summary": "Silverstripe IE requests not properly behaving with rewritehashlinks", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks" }, { "reference_url": "https://github.com/advisories/GHSA-5f5v-5c3v-gw5v", "reference_id": "GHSA-5f5v-5c3v-gw5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f5v-5c3v-gw5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" } ], "aliases": [ "GHSA-5f5v-5c3v-gw5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsp4-9v15-abdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10754?format=api", "vulnerability_id": "VCID-gw4m-zbjs-3fgx", "summary": "Improper Input Validation\n`HtmlEditor` improper URL sanitisation.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-027/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-027-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gw4m-zbjs-3fgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340843?format=api", "vulnerability_id": "VCID-j2xt-jfey-5fej", "summary": "SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-014" }, { "reference_url": "https://github.com/advisories/GHSA-g4hp-pfvf-vm5w", "reference_id": "GHSA-g4hp-pfvf-vm5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4hp-pfvf-vm5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" } ], "aliases": [ "GHSA-g4hp-pfvf-vm5w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2xt-jfey-5fej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16370?format=api", "vulnerability_id": "VCID-jh6m-gbpk-9ufc", "summary": "Silverstripe CMS Open Redirect\nOpen redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt" }, { "reference_url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57545", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5062" }, { "reference_url": "https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419" }, { "reference_url": "https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5062", "reference_id": "CVE-2015-5062", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5062" }, { "reference_url": "https://github.com/advisories/GHSA-fh35-p8ph-p545", "reference_id": "GHSA-fh35-p8ph-p545", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fh35-p8ph-p545" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93128?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14-rc1" } ], "aliases": [ "CVE-2015-5062", "GHSA-fh35-p8ph-p545" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6m-gbpk-9ufc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139230?format=api", "vulnerability_id": "VCID-k1aa-deyg-2kdg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57522", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s99v-qdmh-ebf8" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1aa-deyg-2kdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341099?format=api", "vulnerability_id": "VCID-k2xa-uwrr-ffez", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "GHSA-5359-pvf2-pw78", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82191?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-kcq9-5h99-abct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2xa-uwrr-ffez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139231?format=api", "vulnerability_id": "VCID-k6ed-y2ud-wffu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56678", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "CVE-2019-14273.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s99v-qdmh-ebf8" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ed-y2ud-wffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265745?format=api", "vulnerability_id": "VCID-kcq9-5h99-abct", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05366", "scoring_system": "epss", "scoring_elements": "0.9023", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/745232?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193925?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcq9-5h99-abct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10921?format=api", "vulnerability_id": "VCID-km94-727n-nfa6", "summary": "CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-029", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51627?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51626?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2015-029" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-km94-727n-nfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10917?format=api", "vulnerability_id": "VCID-ku6h-zhz1-8ydr", "summary": "Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51627?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51626?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-005" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ku6h-zhz1-8ydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138126?format=api", "vulnerability_id": "VCID-m2bw-tabk-qyd8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "CVE-2019-12617.YAML", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14158?format=api", "vulnerability_id": "VCID-mvra-6wnv-xya1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59233", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150" }, { "reference_url": "https://github.com/advisories/GHSA-j66h-cc96-c32q", "reference_id": "GHSA-j66h-cc96-c32q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66h-cc96-c32q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/495335?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58206?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0" } ], "aliases": [ "CVE-2021-36150", "GHSA-j66h-cc96-c32q" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvra-6wnv-xya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17473?format=api", "vulnerability_id": "VCID-nzdu-xh5w-27g7", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63807?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzdu-xh5w-27g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12093?format=api", "vulnerability_id": "VCID-pq7w-n99a-q7cj", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43716", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108959?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53884?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/108962?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53885?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s99v-qdmh-ebf8" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25r7-spjd-qufz" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2p3r-ff36-aqfm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-6zn9-kt2q-s3bq" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3aa-8je2-quek" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-jxym-rkhj-yybr" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mfzd-r5pm-q7es" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pmb3-k9w1-y7gm" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq7w-n99a-q7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340844?format=api", "vulnerability_id": "VCID-q6t8-41q9-s3cd", "summary": "Silverstripe framework is vulnerable to XSS in install.php", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-016-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-016-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/4c73721bab0d543eee6137e3c00aa8ec727e95d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/4c73721bab0d543eee6137e3c00aa8ec727e95d1" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-016" }, { "reference_url": "https://github.com/advisories/GHSA-mqf5-275h-gf6r", "reference_id": "GHSA-mqf5-275h-gf6r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqf5-275h-gf6r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51302?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14" } ], "aliases": [ "GHSA-mqf5-275h-gf6r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6t8-41q9-s3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159392?format=api", "vulnerability_id": "VCID-qrhh-c86j-rqe6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57604", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817", "reference_id": "CVE-2020-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817", "reference_id": "CVE-2021-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817" }, { "reference_url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8", "reference_id": "GHSA-3vjc-5x79-m9r8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/419167?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76628?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-25817", "GHSA-3vjc-5x79-m9r8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrhh-c86j-rqe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340847?format=api", "vulnerability_id": "VCID-rat4-3wbz-33fu", "summary": "Silverstripe Missing security check on dev/build/defaults", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-028", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-028" }, { "reference_url": "https://github.com/advisories/GHSA-x5w2-wcr8-9q45", "reference_id": "GHSA-x5w2-wcr8-9q45", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5w2-wcr8-9q45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/81457?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" } ], "aliases": [ "GHSA-x5w2-wcr8-9q45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rat4-3wbz-33fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10554?format=api", "vulnerability_id": "VCID-rr1n-ph71-myet", "summary": "Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-017-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr1n-ph71-myet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167785?format=api", "vulnerability_id": "VCID-tp75-2k7m-6yaw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57142", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311" }, { "reference_url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x", "reference_id": "GHSA-2pw2-qpcp-m47x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/214051?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" } ], "aliases": [ "CVE-2020-9311", "GHSA-2pw2-qpcp-m47x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp75-2k7m-6yaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19289?format=api", "vulnerability_id": "VCID-txyu-4qkf-r3cs", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nSilverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45409", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "CVE-2023-48714.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67386?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/67387?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txyu-4qkf-r3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10753?format=api", "vulnerability_id": "VCID-tzgn-vazz-7kct", "summary": "Cross-site Scripting\nForm field validation message XSS vulnerability.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-026/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-026-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzgn-vazz-7kct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10999?format=api", "vulnerability_id": "VCID-u7hh-49t3-13df", "summary": "Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-014" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7hh-49t3-13df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10918?format=api", "vulnerability_id": "VCID-ud6e-smr7-vffw", "summary": "XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51627?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51626?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24hm-9rm5-f3dm" }, { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a93f-g6rr-2bcz" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-kykm-f6zq-bbhr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud6e-smr7-vffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11066?format=api", "vulnerability_id": "VCID-upvz-qc95-nua2", "summary": "ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51945?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-010" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upvz-qc95-nua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11003?format=api", "vulnerability_id": "VCID-uww2-1x5r-ufc6", "summary": "XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51813?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-015" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uww2-1x5r-ufc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10673?format=api", "vulnerability_id": "VCID-uyhe-p2xf-8qah", "summary": "Improper Neutralization of HTTP Headers for Scripting Syntax\n`X-Forwarded-Host` request hostname injection.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" } ], "aliases": [ "SS-2015-013-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyhe-p2xf-8qah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10670?format=api", "vulnerability_id": "VCID-vg5p-7mgs-wfbz", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81456?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" } ], "aliases": [ "SS-2015-012-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vg5p-7mgs-wfbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11607?format=api", "vulnerability_id": "VCID-vrv4-sy3z-jfe2", "summary": "Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59419", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "CVE-2017-14498", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" }, { "reference_url": "https://github.com/advisories/GHSA-j696-6m57-mcrv", "reference_id": "GHSA-j696-6m57-mcrv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j696-6m57-mcrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/105334?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53062?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrv4-sy3z-jfe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10845?format=api", "vulnerability_id": "VCID-wnrg-ruds-wqb4", "summary": "Improper Authentication\n'Missing security check on `dev/build/defaults`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-028/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2015-028-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnrg-ruds-wqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340845?format=api", "vulnerability_id": "VCID-wxc6-ndg5-dqd9", "summary": "Silverstripe Form field validation message XSS vulnerability", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2015-026", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2015-026" }, { "reference_url": "https://github.com/advisories/GHSA-j982-5jv7-v43r", "reference_id": "GHSA-j982-5jv7-v43r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j982-5jv7-v43r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51338?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1" } ], "aliases": [ "GHSA-j982-5jv7-v43r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxc6-ndg5-dqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137844?format=api", "vulnerability_id": "VCID-x6g5-a61e-3khu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=api", "vulnerability_id": "VCID-xazf-vmz5-r3dj", "summary": "Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6047", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf", "reference_id": "GHSA-fwhr-g5r4-xgxf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/106111?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53395?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/105334?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53062?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af9-znrv-3bf7" }, { "vulnerability": "VCID-2e1q-fc4b-mydq" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8z35-2baj-cqdb" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hp6e-75gr-uuan" }, { "vulnerability": "VCID-hsfb-xx67-7qg6" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-k8vz-xw7w-e3dg" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yhh9-rkh9-rqeu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xazf-vmz5-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340864?format=api", "vulnerability_id": "VCID-xhcs-db5g-97fr", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-016" }, { "reference_url": "https://github.com/advisories/GHSA-r85g-7jpv-8xrx", "reference_id": "GHSA-r85g-7jpv-8xrx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r85g-7jpv-8xrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51945?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b81-t1vt-3uar" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-s4vd-dw41-wkgn" }, { "vulnerability": "VCID-seq6-f1js-u3f3" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-v5s9-xp16-2udf" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "GHSA-r85g-7jpv-8xrx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhcs-db5g-97fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340841?format=api", "vulnerability_id": "VCID-yg8t-fs9x-xufb", "summary": "Silverstripe External redirection risk in Security?ReturnURL", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-012" }, { "reference_url": "https://github.com/advisories/GHSA-vp8p-c6xj-xpj7", "reference_id": "GHSA-vp8p-c6xj-xpj7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vp8p-c6xj-xpj7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51208?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13" } ], "aliases": [ "GHSA-vp8p-c6xj-xpj7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yg8t-fs9x-xufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13696?format=api", "vulnerability_id": "VCID-yxg1-dz91-ckgs", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41992", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-4vmq-kug8-dug8" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-5j19-xx5v-fkck" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d62k-jng6-5fd8" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-dgmv-7v1e-k3b9" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-hj46-jp5w-ckd1" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10643?format=api", "vulnerability_id": "VCID-ze3k-5khy-kbfn", "summary": "IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50856?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-1dx3-s2f2-4yha" }, { "vulnerability": "VCID-1yc7-8qd2-zfhm" }, { "vulnerability": "VCID-2742-7a2u-wqaz" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-333j-w32t-ufhn" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-3c7j-spyr-hke2" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7hs4-z65a-wffu" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9qx2-tr6c-sbby" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-b17s-mw1j-5bcp" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d5e5-2zb7-8kdb" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-farn-35ej-t7eg" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-fygk-h8hh-x3c9" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-j2xt-jfey-5fej" }, { "vulnerability": "VCID-jh6m-gbpk-9ufc" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-q6t8-41q9-s3cd" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-rat4-3wbz-33fu" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-uyhe-p2xf-8qah" }, { "vulnerability": "VCID-vg5p-7mgs-wfbz" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-wnrg-ruds-wqb4" }, { "vulnerability": "VCID-wxc6-ndg5-dqd9" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yg8t-fs9x-xufb" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" }, { "vulnerability": "VCID-zfrs-mqe3-4be8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2014-015-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze3k-5khy-kbfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10846?format=api", "vulnerability_id": "VCID-zfrs-mqe3-4be8", "summary": "Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in `GridFieldAddExistingAutocompleter`.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51466?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/93129?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-112b-xdzv-auf1" }, { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-empu-95n7-5qcq" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-gw4m-zbjs-3fgx" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-tzgn-vazz-7kct" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51467?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uck-cp19-v3e9" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-5ccd-zu9e-yfgp" }, { "vulnerability": "VCID-6e1y-7jj8-a7cw" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7me4-ggep-sbhj" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-89jy-34ks-5kds" }, { "vulnerability": "VCID-8csb-m7rv-xyh2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-c3wv-6zpv-zbfg" }, { "vulnerability": "VCID-cskj-c9ur-47dj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-djww-2v4e-qkb2" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-fn6y-hytc-r3b5" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-km94-727n-nfa6" }, { "vulnerability": "VCID-ku6h-zhz1-8ydr" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-mvra-6wnv-xya1" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-qrhh-c86j-rqe6" }, { "vulnerability": "VCID-tp75-2k7m-6yaw" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-ud6e-smr7-vffw" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-xhcs-db5g-97fr" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/90311?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p7c-bq8f-77g2" }, { "vulnerability": "VCID-4qq2-bbj1-8fdb" }, { "vulnerability": "VCID-adng-1x6w-2baj" }, { "vulnerability": "VCID-d1ap-2u1x-y7gg" }, { "vulnerability": "VCID-d6gt-9mst-dub4" }, { "vulnerability": "VCID-ewqs-8fqc-b3hk" }, { "vulnerability": "VCID-gr5g-7tkc-2kfa" }, { "vulnerability": "VCID-k2xa-uwrr-ffez" }, { "vulnerability": "VCID-kcq9-5h99-abct" }, { "vulnerability": "VCID-nzdu-xh5w-27g7" }, { "vulnerability": "VCID-txyu-4qkf-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1" } ], "aliases": [ "SS-2016-002-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfrs-mqe3-4be8" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.11" }