Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.2.0

Type composer

Namespace silverstripe

Name framework

Version 3.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.1

Latest_non_vulnerable_version 5.1.11

Affected_by_vulnerabilities

url VCID-4n9x-x4kd-jyfu

vulnerability_id VCID-4n9x-x4kd-jyfu

summary

XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.

references

reference_url	http://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2015-026/

fixed_packages

url	pkg:composer/silverstripe/framework@3.2.1
purl	pkg:composer/silverstripe/framework@3.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

aliases SS-2015-026

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9x-x4kd-jyfu

url VCID-hnhv-qx7p-wqcw

vulnerability_id VCID-hnhv-qx7p-wqcw

summary

Cross-Site Request Forgery (CSRF)
CSRF vulnerability in `GridFieldAddExistingAutocompleter`.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2016-002/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2016-002/

fixed_packages

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2016-002-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhv-qx7p-wqcw

url VCID-rrmd-ud59-ffbp

vulnerability_id VCID-rrmd-ud59-ffbp

summary

Improper Authentication
'Missing security check on `dev/build/defaults`.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-028/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-028/

fixed_packages

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2015-028-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrmd-ud59-ffbp

url VCID-vatm-1vbd-bfam

vulnerability_id VCID-vatm-1vbd-bfam

summary SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2016-003/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2016-003/

fixed_packages

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2016-003-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vatm-1vbd-bfam

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0

Package Instance