Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.1.0
Type composer
Namespace silverstripe
Name framework
Version 3.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.10
Latest_non_vulnerable_version 5.1.11
Affected_by_vulnerabilities
0
url VCID-3snr-vtda-jqdj
vulnerability_id VCID-3snr-vtda-jqdj
summary
Cross-site Scripting
XSS In rewritten hash links.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-78b6-1v3w-qfc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases SS-2015-009-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj
1
url VCID-78b6-1v3w-qfc3
vulnerability_id VCID-78b6-1v3w-qfc3
summary
URL Redirection to Untrusted Site (Open Redirect)
External redirection risk in `Security?ReturnURL`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfyd-qn7r-eqdg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-012-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3
2
url VCID-8jxx-tgck-fuf1
vulnerability_id VCID-8jxx-tgck-fuf1
summary
Cross-site Scripting
XSS In GridField print.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-006/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-006/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
aliases SS-2015-006-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jxx-tgck-fuf1
3
url VCID-8wmb-64qq-7uh2
vulnerability_id VCID-8wmb-64qq-7uh2
summary
Cross-site Scripting
XSS In FormAction.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-007/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-007/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
aliases SS-2015-007-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wmb-64qq-7uh2
4
url VCID-8xwp-xd3k-fqaz
vulnerability_id VCID-8xwp-xd3k-fqaz
summary
IE requests issue
IE requests not properly behaving with `rewritehashlinks`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-78b6-1v3w-qfc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases SS-2014-015-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz
5
url VCID-hnhv-qx7p-wqcw
vulnerability_id VCID-hnhv-qx7p-wqcw
summary
Cross-Site Request Forgery (CSRF)
CSRF vulnerability in `GridFieldAddExistingAutocompleter`.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-002/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-002/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases SS-2016-002-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhv-qx7p-wqcw
6
url VCID-kgf1-m5hq-1yay
vulnerability_id VCID-kgf1-m5hq-1yay
summary
Cross-site Scripting
XSS in `Director::force_redirect()`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-78b6-1v3w-qfc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases SS-2015-010-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf1-m5hq-1yay
7
url VCID-puvt-j32v-77eh
vulnerability_id VCID-puvt-j32v-77eh
summary
Improper Neutralization of HTTP Headers for Scripting Syntax
`X-Forwarded-Host` request hostname injection.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfyd-qn7r-eqdg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-013-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puvt-j32v-77eh
8
url VCID-rmsa-pfr6-zkg3
vulnerability_id VCID-rmsa-pfr6-zkg3
summary
Cross-site Scripting
TreeDropdownField and TreeMultiSelectField XSS.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-004/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-004/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
aliases SS-2015-004-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmsa-pfr6-zkg3
9
url VCID-rrmd-ud59-ffbp
vulnerability_id VCID-rrmd-ud59-ffbp
summary
Improper Authentication
Missing security check on `dev/build/defaults`.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-028/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-028/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases SS-2015-028-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrmd-ud59-ffbp
10
url VCID-twrb-6j51-aqcy
vulnerability_id VCID-twrb-6j51-aqcy
summary
Cross-site Scripting
XSS in `dev/build` `returnURL` Parameter.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases SS-2015-015-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twrb-6j51-aqcy
11
url VCID-u6za-xw77-8kgx
vulnerability_id VCID-u6za-xw77-8kgx
summary
Uncontrolled Resource Consumption
XML Quadratic Blowup vulnerability.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-78b6-1v3w-qfc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases SS-2014-017-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6za-xw77-8kgx
12
url VCID-uyxp-7fh1-77cg
vulnerability_id VCID-uyxp-7fh1-77cg
summary
Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfyd-qn7r-eqdg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-014-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg
13
url VCID-vatm-1vbd-bfam
vulnerability_id VCID-vatm-1vbd-bfam
summary SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-003/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-003/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases SS-2016-003-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vatm-1vbd-bfam
14
url VCID-wmfv-vtnz-bkad
vulnerability_id VCID-wmfv-vtnz-bkad
summary Potential SQL Injection Vulnerability in silverstripe.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfyd-qn7r-eqdg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-011-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad
15
url VCID-zckr-zxq4-jyev
vulnerability_id VCID-zckr-zxq4-jyev
summary
Cross-site Scripting
XSS in `install.php`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases SS-2015-016-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zckr-zxq4-jyev
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0