Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52857?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.3.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.7.5", "latest_non_vulnerable_version": "5.3.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=api", "vulnerability_id": "VCID-1mmc-91gk-r3d3", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55549", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57785?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57786?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/57787?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57788?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57789?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57790?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38262?format=api", "vulnerability_id": "VCID-36z3-nafq-6kez", "summary": "XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52982?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52983?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39021?format=api", "vulnerability_id": "VCID-3x46-q9cb-7ubg", "summary": "Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60505", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf", "reference_id": "GHSA-fwhr-g5r4-xgxf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/213679?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54435?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/213034?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54103?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51855?format=api", "vulnerability_id": "VCID-7hxq-cp29-r7dh", "summary": "Cross-site Scripting\nIn SilverStripe asset-admin, there is XSS in file titles managed through the CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57535", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51851?format=api", "vulnerability_id": "VCID-b6nm-cphj-wfgw", "summary": "Improper Privilege Management\nIn SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53948", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38848?format=api", "vulnerability_id": "VCID-b95v-49p7-fkas", "summary": "Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59447", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "CVE-2017-14498", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" }, { "reference_url": "https://github.com/advisories/GHSA-j696-6m57-mcrv", "reference_id": "GHSA-j696-6m57-mcrv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j696-6m57-mcrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/213034?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54103?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38498?format=api", "vulnerability_id": "VCID-c6bz-jwhm-vkgp", "summary": "Cross-site Scripting\nThere is an XSS in SilverStripe CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.5014", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "CVE-2017-5197", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53251?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53316?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/53252?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53317?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51839?format=api", "vulnerability_id": "VCID-cmwn-cjff-9qau", "summary": "Session Fixation\nSilverStripe allows session fixation in the \"change password\" form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17108", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144275?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/144274?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38263?format=api", "vulnerability_id": "VCID-hnme-cqff-c7dp", "summary": "ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52982?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52983?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-010" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51853?format=api", "vulnerability_id": "VCID-mkex-ht2r-cucz", "summary": "Files or Directories Accessible to External Parties\nIn SilverStripe, there is broken access control on files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51842?format=api", "vulnerability_id": "VCID-nute-ndg2-z7ev", "summary": "Cross-site Scripting\nSilverStripe has Flash Clipboard Reflected XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39336?format=api", "vulnerability_id": "VCID-qdwg-f2bx-1bay", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215636?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/215639?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41074?format=api", "vulnerability_id": "VCID-r1eg-dwej-5kau", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38467?format=api", "vulnerability_id": "VCID-t81f-5b8z-hyht", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53251?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53252?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52799?format=api", "vulnerability_id": "VCID-umhc-fdfh-1fdx", "summary": "Cross-site Scripting\nIn SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57155", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311" }, { "reference_url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x", "reference_id": "GHSA-2pw2-qpcp-m47x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77683?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" } ], "aliases": [ "CVE-2020-9311", "GHSA-2pw2-qpcp-m47x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52274?format=api", "vulnerability_id": "VCID-xg74-3h1h-kqaf", "summary": "Uncontrolled Resource Consumption\nSilverStripe allows a Denial of Service on flush and development URL tools.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.35994", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76173?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51847?format=api", "vulnerability_id": "VCID-y8et-m846-2fc6", "summary": "Information Exposure\nSilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49005", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144275?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/144274?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/144279?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38189?format=api", "vulnerability_id": "VCID-3svb-wudn-aybz", "summary": "VersionedRequestFilter vulnerability\nA cross-site scripting vulnerability in `VersionedRequestFilter` has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-007" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3svb-wudn-aybz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55031?format=api", "vulnerability_id": "VCID-4h4a-xgrk-d7ec", "summary": "silverstripe/framework's `Member.Name` is not escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\".\n\nIf the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013" }, { "reference_url": "https://github.com/advisories/GHSA-r9vp-fp72-xgf7", "reference_id": "GHSA-r9vp-fp72-xgf7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r9vp-fp72-xgf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-r9vp-fp72-xgf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4h4a-xgrk-d7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38190?format=api", "vulnerability_id": "VCID-7ek4-6y31-1qcs", "summary": "Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-014" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55044?format=api", "vulnerability_id": "VCID-7jm4-cjg3-rkcz", "summary": "silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-014", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-014" }, { "reference_url": "https://github.com/advisories/GHSA-5r8w-66hq-rc39", "reference_id": "GHSA-5r8w-66hq-rc39", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5r8w-66hq-rc39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-5r8w-66hq-rc39" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jm4-cjg3-rkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38194?format=api", "vulnerability_id": "VCID-at1s-qxsg-5yfs", "summary": "XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-015" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38191?format=api", "vulnerability_id": "VCID-c437-w2zy-y7c9", "summary": "ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52859?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.10-stable", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-011" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55039?format=api", "vulnerability_id": "VCID-czh2-w6fk-xqd6", "summary": "silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-011" }, { "reference_url": "https://github.com/advisories/GHSA-p5h2-vr99-xm99", "reference_id": "GHSA-p5h2-vr99-xm99", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p5h2-vr99-xm99" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-p5h2-vr99-xm99" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czh2-w6fk-xqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38195?format=api", "vulnerability_id": "VCID-ewg1-jqza-eyez", "summary": "Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54997?format=api", "vulnerability_id": "VCID-f4hv-79km-3ygt", "summary": "Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter\nA cross-site scripting vulnerability in VersionedRequestFilter has been found.\n\nIf an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-007-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-007-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3fa84cf0c64a539d78600c36364817a8e38411d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3fa84cf0c64a539d78600c36364817a8e38411d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/41be95c95a55031412ee4056aeee5c2c69595836", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/41be95c95a55031412ee4056aeee5c2c69595836" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-007" }, { "reference_url": "https://github.com/advisories/GHSA-mpqj-f4v3-334h", "reference_id": "GHSA-mpqj-f4v3-334h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mpqj-f4v3-334h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-mpqj-f4v3-334h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4hv-79km-3ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38188?format=api", "vulnerability_id": "VCID-gkkp-9fm7-jfaz", "summary": "Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55029?format=api", "vulnerability_id": "VCID-n1mj-u4yk-jqhn", "summary": "silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-015" }, { "reference_url": "https://github.com/advisories/GHSA-468j-6jrc-2rjx", "reference_id": "GHSA-468j-6jrc-2rjx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-468j-6jrc-2rjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-468j-6jrc-2rjx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1mj-u4yk-jqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55034?format=api", "vulnerability_id": "VCID-vatg-guxu-2ud7", "summary": "silverstripe/framework missing ACL on reports\nThe SS_Report, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user.\n\nIt does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-012" }, { "reference_url": "https://github.com/advisories/GHSA-52cx-hpc5-cxwc", "reference_id": "GHSA-52cx-hpc5-cxwc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-52cx-hpc5-cxwc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-52cx-hpc5-cxwc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vatg-guxu-2ud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55027?format=api", "vulnerability_id": "VCID-y6gd-vy49-17b4", "summary": "silverstripe/framework password encryption salt not updated\nWhen a user changes their password, the internal salt used for hashing their password is not updated.\n\nAlthough this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-008" }, { "reference_url": "https://github.com/advisories/GHSA-f3wp-xpv2-6vmg", "reference_id": "GHSA-f3wp-xpv2-6vmg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3wp-xpv2-6vmg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" } ], "aliases": [ "GHSA-f3wp-xpv2-6vmg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6gd-vy49-17b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38192?format=api", "vulnerability_id": "VCID-z28b-1yrx-1bbn", "summary": "Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52855?format=api", "purl": "pkg:composer/silverstripe/framework@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/52856?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52857?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52858?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-36z3-nafq-6kez" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-c6bz-jwhm-vkgp" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-hnme-cqff-c7dp" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-t81f-5b8z-hyht" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205319?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-008" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }