Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54914?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54914?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "4.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.4", "latest_non_vulnerable_version": "5.3.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=api", "vulnerability_id": "VCID-1mmc-91gk-r3d3", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55549", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57787?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57788?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57789?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57790?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110792?format=api", "vulnerability_id": "VCID-24a5-ruc4-bycq", "summary": "Stored XSS in link tags added via XHR in SilverStripe Framework\nSilverStripe Framework 4.x prior to 4.10.9 is vulnerable to cross-site scripting inside the href attribute of an HTML hyperlink, which can be added to website content via XMLHttpRequest (XHR) by an authenticated CMS user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40417", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28803" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-28803.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-28803.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28803", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28803" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803" }, { "reference_url": "https://github.com/advisories/GHSA-rppc-655v-7j3c", "reference_id": "GHSA-rppc-655v-7j3c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rppc-655v-7j3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149279?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" } ], "aliases": [ "CVE-2022-28803", "GHSA-rppc-655v-7j3c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24a5-ruc4-bycq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57120?format=api", "vulnerability_id": "VCID-2hk2-hzyh-wbhf", "summary": "Silverstripe Framework user enumeration via timing attack on login and password reset forms\nUser enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.\n\nThis was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11681", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11681" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2025-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2025-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "GHSA-256q-hx8w-xcqx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-256q-hx8w-xcqx" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx", "reference_id": "GHSA-256q-hx8w-xcqx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84817?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "GHSA-256q-hx8w-xcqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hk2-hzyh-wbhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110159?format=api", "vulnerability_id": "VCID-7gak-15m5-j3f5", "summary": "Blind SQL Injection via GridFieldSortableHeader\nGridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability.\n\nAn attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52855", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38148" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38148.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38148", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38148" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38148", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38148" }, { "reference_url": "https://github.com/advisories/GHSA-rr8h-f97q-8p9c", "reference_id": "GHSA-rr8h-f97q-8p9c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rr8h-f97q-8p9c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148572?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/148573?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.14" } ], "aliases": [ "CVE-2022-38148", "GHSA-rr8h-f97q-8p9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gak-15m5-j3f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51855?format=api", "vulnerability_id": "VCID-7hxq-cp29-r7dh", "summary": "Cross-site Scripting\nIn SilverStripe asset-admin, there is XSS in file titles managed through the CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57535", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110112?format=api", "vulnerability_id": "VCID-7w7t-3783-1kbs", "summary": "Stored XSS using uppercase characters in HTMLEditor\nA malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55495", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37430" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-37430.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-37430.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37430", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37430" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37430", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37430" }, { "reference_url": "https://github.com/advisories/GHSA-qw4w-vq8v-2wcv", "reference_id": "GHSA-qw4w-vq8v-2wcv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qw4w-vq8v-2wcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148496?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.13" } ], "aliases": [ "CVE-2022-37430", "GHSA-qw4w-vq8v-2wcv", "GMS-2022-6857" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7w7t-3783-1kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110323?format=api", "vulnerability_id": "VCID-9t4k-8hsz-bfdw", "summary": "Reflected XSS in querystring parameters\nAn attacker could inject a XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request.\n\nTo exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload.\n\nThis will only affect projects configured to output PHP warnings to the browser. By default, Silverstripe CMS will only output PHP warnings if your SS_ENVIRONMENT_TYPE environment variable is set to dev. Production sites should always set SS_ENVIRONMENT_TYPE to live.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71981", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38462" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38462.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38462.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38462" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-38462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-38462" }, { "reference_url": "https://github.com/advisories/GHSA-vvxf-r4vm-2vm6", "reference_id": "GHSA-vvxf-r4vm-2vm6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vvxf-r4vm-2vm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148496?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.13" } ], "aliases": [ "CVE-2022-38462", "GHSA-vvxf-r4vm-2vm6", "GMS-2022-6858" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t4k-8hsz-bfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51851?format=api", "vulnerability_id": "VCID-b6nm-cphj-wfgw", "summary": "Improper Privilege Management\nIn SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53948", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110171?format=api", "vulnerability_id": "VCID-ca4q-xd4v-vqfe", "summary": "Silverstripe XSS in shortcodes\nA malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55495", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38724" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2022-38724.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2022-38724.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38724.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38724.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38724", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38724" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-38724", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-38724" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724", "reference_id": "CVE-2022-38724", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724" }, { "reference_url": "https://github.com/advisories/GHSA-9cx2-hj6m-fv58", "reference_id": "GHSA-9cx2-hj6m-fv58", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9cx2-hj6m-fv58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148496?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.13" } ], "aliases": [ "CVE-2022-38724", "GHSA-9cx2-hj6m-fv58", "GMS-2022-6853", "GMS-2022-6856" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca4q-xd4v-vqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51839?format=api", "vulnerability_id": "VCID-cmwn-cjff-9qau", "summary": "Session Fixation\nSilverStripe allows session fixation in the \"change password\" form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17108", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110569?format=api", "vulnerability_id": "VCID-fmfu-81xu-pfdy", "summary": "Stored XSS via HTML fields in SilverStripe Framework\nSilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56878", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25238" }, { "reference_url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-25238.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-25238.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25238", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25238" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-25238", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-25238" }, { "reference_url": "https://github.com/advisories/GHSA-jx34-gqqq-r6gm", "reference_id": "GHSA-jx34-gqqq-r6gm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jx34-gqqq-r6gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149279?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" } ], "aliases": [ "CVE-2022-25238", "GHSA-jx34-gqqq-r6gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmfu-81xu-pfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51853?format=api", "vulnerability_id": "VCID-mkex-ht2r-cucz", "summary": "Files or Directories Accessible to External Parties\nIn SilverStripe, there is broken access control on files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51842?format=api", "vulnerability_id": "VCID-nute-ndg2-z7ev", "summary": "Cross-site Scripting\nSilverStripe has Flash Clipboard Reflected XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52000?format=api", "vulnerability_id": "VCID-nzcm-xbxx-wyf9", "summary": "SilverStripe Versioned Files module Unpublished files are exposed publicly\nIn the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53437", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16409" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/symbiote/silverstripe-versionedfiles", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symbiote/silverstripe-versionedfiles" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16409", "reference_id": "CVE-2019-16409", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16409" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409", "reference_id": "CVE-2019-16409", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409/", "reference_id": "CVE-2019-16409", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409/" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml", "reference_id": "CVE-2019-16409.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xm6j-x342-gwq9", "reference_id": "GHSA-xm6j-x342-gwq9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xm6j-x342-gwq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-16409", "GHSA-xm6j-x342-gwq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcm-xbxx-wyf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111897?format=api", "vulnerability_id": "VCID-pkve-yjqy-syc2", "summary": "SilverStripe Web Cache Poisoning through HTTPRequestBuilder\nSilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4335", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326" }, { "reference_url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m", "reference_id": "GHSA-q9ff-3q93-fm8m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77688?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/77689?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2019-19326", "GHSA-q9ff-3q93-fm8m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39336?format=api", "vulnerability_id": "VCID-qdwg-f2bx-1bay", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41074?format=api", "vulnerability_id": "VCID-r1eg-dwej-5kau", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52516?format=api", "vulnerability_id": "VCID-ru3j-21j8-ayhm", "summary": "Unrestricted Upload of File with Dangerous Type\nIn SilverStripe, files uploaded via Forms to folders migrated from Silverstripe may be put to the default `/Uploads` folder instead.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.60093", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9280" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9280", "reference_id": "CVE-2020-9280", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9280" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280", "reference_id": "CVE-2020-9280", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280" }, { "reference_url": "https://github.com/advisories/GHSA-592m-4533-rxq9", "reference_id": "GHSA-592m-4533-rxq9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-592m-4533-rxq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152803?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/77115?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1" } ], "aliases": [ "CVE-2020-9280", "GHSA-592m-4533-rxq9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru3j-21j8-ayhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52274?format=api", "vulnerability_id": "VCID-xg74-3h1h-kqaf", "summary": "Uncontrolled Resource Consumption\nSilverStripe allows a Denial of Service on flush and development URL tools.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.35994", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76173?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110084?format=api", "vulnerability_id": "VCID-xm4q-u96p-57dd", "summary": "Stored XSS using HTMLEditor\nA malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.\n\nAn attacker must have access to the CMS to exploit this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55495", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37429" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-37429.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-37429.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37429", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37429" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37429", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37429" }, { "reference_url": "https://github.com/advisories/GHSA-wc6r-4ggc-79w5", "reference_id": "GHSA-wc6r-4ggc-79w5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wc6r-4ggc-79w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148496?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.13" } ], "aliases": [ "CVE-2022-37429", "GHSA-wc6r-4ggc-79w5", "GMS-2022-6859" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xm4q-u96p-57dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51847?format=api", "vulnerability_id": "VCID-y8et-m846-2fc6", "summary": "Information Exposure\nSilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49005", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/144279?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52802?format=api", "vulnerability_id": "VCID-ytbc-8mhd-b3fc", "summary": "Information Exposure\nIn SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00703", "scoring_system": "epss", "scoring_elements": "0.72448", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6164" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6164", "reference_id": "CVE-2020-6164", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6164" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164", "reference_id": "CVE-2020-6164", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164" }, { "reference_url": "https://github.com/advisories/GHSA-gm5x-hpmw-xpxg", "reference_id": "GHSA-gm5x-hpmw-xpxg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gm5x-hpmw-xpxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77688?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ytbc-8mhd-b3fc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/249187?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ru3j-21j8-ayhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77689?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2020-6164", "GHSA-gm5x-hpmw-xpxg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0" }