Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.2.0-alpha

Type composer

Namespace silverstripe

Name framework

Version 3.2.0-alpha

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.7.5

Latest_non_vulnerable_version 5.3.23

Affected_by_vulnerabilities

url VCID-1uhv-fetz-j7fd

vulnerability_id VCID-1uhv-fetz-j7fd

summary

XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893

reference_url	http://www.silverstripe.org/download/security-releases/ss-2016-001
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2016-001

fixed_packages

url pkg:composer/silverstripe/framework@3.2.4-rc1

purl pkg:composer/silverstripe/framework@3.2.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1

url pkg:composer/silverstripe/framework@3.2.4

purl pkg:composer/silverstripe/framework@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4

url pkg:composer/silverstripe/framework@3.3.2-rc1

purl pkg:composer/silverstripe/framework@3.3.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1

url pkg:composer/silverstripe/framework@3.3.2

purl pkg:composer/silverstripe/framework@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-f4hv-79km-3ygt

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2

aliases SS-2016-001

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd

url VCID-evh4-xq48-4fa6

vulnerability_id VCID-evh4-xq48-4fa6

summary

Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2

reference_url	http://www.silverstripe.org/download/security-releases/ss-2016-005
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2016-005

fixed_packages

url pkg:composer/silverstripe/framework@3.2.4-rc1

purl pkg:composer/silverstripe/framework@3.2.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1

url pkg:composer/silverstripe/framework@3.2.4

purl pkg:composer/silverstripe/framework@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4

url pkg:composer/silverstripe/framework@3.3.2-rc1

purl pkg:composer/silverstripe/framework@3.3.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1

url pkg:composer/silverstripe/framework@3.3.2

purl pkg:composer/silverstripe/framework@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-f4hv-79km-3ygt

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2

aliases SS-2016-005

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6

url VCID-ggbg-8mtc-hudc

vulnerability_id VCID-ggbg-8mtc-hudc

summary

XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770

reference_url	http://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2016-004

fixed_packages

url pkg:composer/silverstripe/framework@3.2.4-rc1

purl pkg:composer/silverstripe/framework@3.2.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1

url pkg:composer/silverstripe/framework@3.2.4

purl pkg:composer/silverstripe/framework@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4

url pkg:composer/silverstripe/framework@3.3.2-rc1

purl pkg:composer/silverstripe/framework@3.3.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1

url pkg:composer/silverstripe/framework@3.3.2

purl pkg:composer/silverstripe/framework@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-f4hv-79km-3ygt

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2

aliases SS-2016-004

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc

url VCID-m5rs-qptc-vued

vulnerability_id VCID-m5rs-qptc-vued

summary

Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989

reference_url	http://stackoverflow.com/a/15350123
reference_id
reference_type
scores
url	http://stackoverflow.com/a/15350123

reference_url	http://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2016-006

fixed_packages

url pkg:composer/silverstripe/framework@3.2.4-rc1

purl pkg:composer/silverstripe/framework@3.2.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1

url pkg:composer/silverstripe/framework@3.2.4

purl pkg:composer/silverstripe/framework@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4

url pkg:composer/silverstripe/framework@3.3.2-rc1

purl pkg:composer/silverstripe/framework@3.3.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1

url pkg:composer/silverstripe/framework@3.3.2

purl pkg:composer/silverstripe/framework@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-f4hv-79km-3ygt

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2

aliases SS-2016-006

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued

url VCID-q939-fszs-wfdp

vulnerability_id VCID-q939-fszs-wfdp

summary

CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a

reference_url	http://www.silverstripe.org/download/security-releases/ss-2015-029
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/ss-2015-029

fixed_packages

url pkg:composer/silverstripe/framework@3.2.4-rc1

purl pkg:composer/silverstripe/framework@3.2.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1

url pkg:composer/silverstripe/framework@3.2.4

purl pkg:composer/silverstripe/framework@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4

url pkg:composer/silverstripe/framework@3.3.2-rc1

purl pkg:composer/silverstripe/framework@3.3.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-4h4a-xgrk-d7ec

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-7jm4-cjg3-rkcz

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-czh2-w6fk-xqd6

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-n1mj-u4yk-jqhn

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-vatg-guxu-2ud7

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y6gd-vy49-17b4

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1

url pkg:composer/silverstripe/framework@3.3.2

purl pkg:composer/silverstripe/framework@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-36z3-nafq-6kez

vulnerability	VCID-3svb-wudn-aybz

vulnerability	VCID-3x46-q9cb-7ubg

vulnerability	VCID-7ek4-6y31-1qcs

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-at1s-qxsg-5yfs

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-b95v-49p7-fkas

vulnerability	VCID-c437-w2zy-y7c9

vulnerability	VCID-c6bz-jwhm-vkgp

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-ewg1-jqza-eyez

vulnerability	VCID-f4hv-79km-3ygt

vulnerability	VCID-gkkp-9fm7-jfaz

vulnerability	VCID-hnme-cqff-c7dp

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-t81f-5b8z-hyht

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-z28b-1yrx-1bbn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2

aliases SS-2015-029

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-alpha

Package Instance