Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.0.0

Type composer

Namespace silverstripe

Name framework

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.3.23

Latest_non_vulnerable_version 5.3.23

Affected_by_vulnerabilities

url VCID-112b-xdzv-auf1

vulnerability_id VCID-112b-xdzv-auf1

summary Silverstripe HtmlEditor embed url sanitisation

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.silverstripe.org/download/security-releases/ss-2015-027

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2015-027

reference_url

https://github.com/advisories/GHSA-qp29-wcc2-vmpc

reference_id

GHSA-qp29-wcc2-vmpc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qp29-wcc2-vmpc

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

aliases GHSA-qp29-wcc2-vmpc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-112b-xdzv-auf1

url VCID-1dx3-s2f2-4yha

vulnerability_id VCID-1dx3-s2f2-4yha

summary Potential SQL Injection Vulnerability in silverstripe.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-011/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-011-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dx3-s2f2-4yha

url VCID-3497-71mw-yqh8

vulnerability_id VCID-3497-71mw-yqh8

summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55522
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2018-021

fixed_packages

url pkg:composer/silverstripe/framework@3.6.7

purl pkg:composer/silverstripe/framework@3.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-8z35-2baj-cqdb

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7

url pkg:composer/silverstripe/framework@3.7.3

purl pkg:composer/silverstripe/framework@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3

url pkg:composer/silverstripe/framework@4.0.7

purl pkg:composer/silverstripe/framework@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d62k-jng6-5fd8

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-dgmv-7v1e-k3b9

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7

url pkg:composer/silverstripe/framework@4.1.5

purl pkg:composer/silverstripe/framework@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d62k-jng6-5fd8

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-dgmv-7v1e-k3b9

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5

url pkg:composer/silverstripe/framework@4.2.4

purl pkg:composer/silverstripe/framework@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d62k-jng6-5fd8

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-dgmv-7v1e-k3b9

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4

url pkg:composer/silverstripe/framework@4.3.1

purl pkg:composer/silverstripe/framework@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d62k-jng6-5fd8

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-dgmv-7v1e-k3b9

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1

aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3497-71mw-yqh8

url VCID-4bb6-ft3g-pbd3

vulnerability_id VCID-4bb6-ft3g-pbd3

summary

Cross-site Scripting
XSS In rewritten hash links.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.13

purl pkg:composer/silverstripe/framework@3.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1dx3-s2f2-4yha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d5e5-2zb7-8kdb

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-j2xt-jfey-5fej

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vg5p-7mgs-wfbz

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yg8t-fs9x-xufb

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.12

purl pkg:composer/silverstripe/framework@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1dx3-s2f2-4yha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-3c7j-spyr-hke2

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d5e5-2zb7-8kdb

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-j2xt-jfey-5fej

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-uyhe-p2xf-8qah

vulnerability	VCID-vg5p-7mgs-wfbz

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-yg8t-fs9x-xufb

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-009-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bb6-ft3g-pbd3

url VCID-89jy-34ks-5kds

vulnerability_id VCID-89jy-34ks-5kds

summary

Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28661

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37777
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28661

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed

reference_url

https://github.com/silverstripe/silverstripe-graphql/releases

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/releases

reference_url

https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28661

reference_id

CVE-2021-28661

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28661

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2021-28661

reference_id

CVE-2021-28661

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2021-28661

reference_url

https://github.com/advisories/GHSA-r7rh-g777-g5gx

reference_id

GHSA-r7rh-g777-g5gx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7rh-g777-g5gx

fixed_packages

url pkg:composer/silverstripe/framework@3.5.2

purl pkg:composer/silverstripe/framework@3.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2af9-znrv-3bf7

vulnerability	VCID-2b81-t1vt-3uar

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hp6e-75gr-uuan

vulnerability	VCID-hsfb-xx67-7qg6

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-k8vz-xw7w-e3dg

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-s4vd-dw41-wkgn

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-v5s9-xp16-2udf

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yhh9-rkh9-rqeu

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2

aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89jy-34ks-5kds

url VCID-adng-1x6w-2baj

vulnerability_id VCID-adng-1x6w-2baj

summary

Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml

reference_url

https://github.com/github/advisory-database/pull/2575

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/2575

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4

reference_url

https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14

reference_url

https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2023-32302

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2023-32302

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32302

reference_id

CVE-2023-32302

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32302

reference_url

https://github.com/advisories/GHSA-36xx-7vf6-7mv3

reference_id

GHSA-36xx-7vf6-7mv3

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36xx-7vf6-7mv3

reference_url

https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3

reference_id

GHSA-36xx-7vf6-7mv3

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3

fixed_packages

url pkg:composer/silverstripe/framework@4.13.14

purl pkg:composer/silverstripe/framework@4.13.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14

url pkg:composer/silverstripe/framework@5.0.13

purl pkg:composer/silverstripe/framework@5.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13

aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-adng-1x6w-2baj

url VCID-d5e5-2zb7-8kdb

vulnerability_id VCID-d5e5-2zb7-8kdb

summary

Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-014/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-014-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5e5-2zb7-8kdb

url VCID-djww-2v4e-qkb2

vulnerability_id VCID-djww-2v4e-qkb2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26138

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.52834
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26138

reference_url	https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url	https://forum.silverstripe.org/c/releases

reference_url	https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url	https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26138

reference_id

CVE-2020-26138

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26138

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-26138

reference_id

CVE-2020-26138

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-26138

reference_url	https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id	CVE-2020-26138
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2020-26138/

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml

reference_id

CVE-2020-26138.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml

reference_url

https://github.com/advisories/GHSA-7mv4-4xpg-xq44

reference_id

GHSA-7mv4-4xpg-xq44

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7mv4-4xpg-xq44

fixed_packages

url pkg:composer/silverstripe/framework@4.6.0

purl pkg:composer/silverstripe/framework@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0

url pkg:composer/silverstripe/framework@4.7.4

purl pkg:composer/silverstripe/framework@4.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-4vmq-kug8-dug8

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-5j19-xx5v-fkck

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-hj46-jp5w-ckd1

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4

aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djww-2v4e-qkb2

url VCID-gw4m-zbjs-3fgx

vulnerability_id VCID-gw4m-zbjs-3fgx

summary

Improper Input Validation
`HtmlEditor` improper URL sanitisation.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-027/

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-027-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw4m-zbjs-3fgx

url VCID-j2xt-jfey-5fej

vulnerability_id VCID-j2xt-jfey-5fej

summary SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3

reference_url

https://www.silverstripe.org/software/download/security-releases/ss-2015-014

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/software/download/security-releases/ss-2015-014

reference_url

https://github.com/advisories/GHSA-g4hp-pfvf-vm5w

reference_id

GHSA-g4hp-pfvf-vm5w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4hp-pfvf-vm5w

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

aliases GHSA-g4hp-pfvf-vm5w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2xt-jfey-5fej

url VCID-tp75-2k7m-6yaw

vulnerability_id VCID-tp75-2k7m-6yaw

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.57142
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_url

https://github.com/silverstripe/silverstripe-cms

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-cms

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

reference_url	https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id	GHSA-2pw2-qpcp-m47x
reference_type
scores
url	https://github.com/advisories/GHSA-2pw2-qpcp-m47x

fixed_packages

url pkg:composer/silverstripe/framework@3.7.5

purl pkg:composer/silverstripe/framework@3.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5

aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tp75-2k7m-6yaw

url VCID-tzgn-vazz-7kct

vulnerability_id VCID-tzgn-vazz-7kct

summary

Cross-site Scripting
Form field validation message XSS vulnerability.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-026/

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-026-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzgn-vazz-7kct

url VCID-vg5p-7mgs-wfbz

vulnerability_id VCID-vg5p-7mgs-wfbz

summary

URL Redirection to Untrusted Site (Open Redirect)
External redirection risk in `Security?ReturnURL`.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-012/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13-rc1

purl pkg:composer/silverstripe/framework@3.1.13-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1dx3-s2f2-4yha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-3c7j-spyr-hke2

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d5e5-2zb7-8kdb

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-j2xt-jfey-5fej

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-uyhe-p2xf-8qah

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-yg8t-fs9x-xufb

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

aliases SS-2015-012-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vg5p-7mgs-wfbz

url VCID-wxc6-ndg5-dqd9

vulnerability_id VCID-wxc6-ndg5-dqd9

summary Silverstripe Form field validation message XSS vulnerability

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c

reference_url

https://www.silverstripe.org/download/security-releases/ss-2015-026

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2015-026

reference_url

https://github.com/advisories/GHSA-j982-5jv7-v43r

reference_id

GHSA-j982-5jv7-v43r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j982-5jv7-v43r

fixed_packages

url pkg:composer/silverstripe/framework@3.1.16

purl pkg:composer/silverstripe/framework@3.1.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

aliases GHSA-j982-5jv7-v43r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxc6-ndg5-dqd9

url VCID-ze3k-5khy-kbfn

vulnerability_id VCID-ze3k-5khy-kbfn

summary

IE requests issue
IE requests not properly behaving with `rewritehashlinks`.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.13

purl pkg:composer/silverstripe/framework@3.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1dx3-s2f2-4yha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d5e5-2zb7-8kdb

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-j2xt-jfey-5fej

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vg5p-7mgs-wfbz

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yg8t-fs9x-xufb

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-16tg-w8mj-pqha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.12

purl pkg:composer/silverstripe/framework@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-112b-xdzv-auf1

vulnerability	VCID-1dx3-s2f2-4yha

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-2742-7a2u-wqaz

vulnerability	VCID-2uck-cp19-v3e9

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-3c7j-spyr-hke2

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-5ccd-zu9e-yfgp

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-6xct-esdm-m7a6

vulnerability	VCID-7hs4-z65a-wffu

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-89jy-34ks-5kds

vulnerability	VCID-8csb-m7rv-xyh2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-b17s-mw1j-5bcp

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-cskj-c9ur-47dj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d5e5-2zb7-8kdb

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-djww-2v4e-qkb2

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-fn6y-hytc-r3b5

vulnerability	VCID-fygk-h8hh-x3c9

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-j2xt-jfey-5fej

vulnerability	VCID-jh6m-gbpk-9ufc

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-mvra-6wnv-xya1

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-q6t8-41q9-s3cd

vulnerability	VCID-qrhh-c86j-rqe6

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tp75-2k7m-6yaw

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-uyhe-p2xf-8qah

vulnerability	VCID-vg5p-7mgs-wfbz

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-xhcs-db5g-97fr

vulnerability	VCID-yg8t-fs9x-xufb

vulnerability	VCID-ywfx-pjg6-aqcj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p7c-bq8f-77g2

vulnerability	VCID-4qq2-bbj1-8fdb

vulnerability	VCID-adng-1x6w-2baj

vulnerability	VCID-d1ap-2u1x-y7gg

vulnerability	VCID-d6gt-9mst-dub4

vulnerability	VCID-ewqs-8fqc-b3hk

vulnerability	VCID-gr5g-7tkc-2kfa

vulnerability	VCID-k2xa-uwrr-ffez

vulnerability	VCID-kcq9-5h99-abct

vulnerability	VCID-nzdu-xh5w-27g7

vulnerability	VCID-txyu-4qkf-r3cs

vulnerability	VCID-ywfx-pjg6-aqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2014-015-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ze3k-5khy-kbfn

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.0

Package Instance