Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56463?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56463?format=api", "purl": "pkg:composer/silverstripe/graphql@4.2.3", "type": "composer", "namespace": "silverstripe", "name": "graphql", "version": "4.2.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.3.7", "latest_non_vulnerable_version": "5.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14107?format=api", "vulnerability_id": "VCID-1mvj-w9yw-kyac", "summary": "View permissions are bypassed for paginated lists of ORM data\n### Impact\n`canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page.\n\nNote that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se.\n\nThis has been fixed by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in your query results having less than the maximum number of records per page even when there are more pages of results.\n\nThis behaviour is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly.\n\nYou can choose to disable these permission checks by disabling the `CanViewPermission` plugin following the instructions in [overriding default plugins](https://docs.silverstripe.org/en/5/developer_guides/graphql/plugins/overview/#overriding-default-plugins).\n\nNote that this vulnerability does not affect version 3.x.\n\n**Base CVSS:** [5.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)\n**Reported by:** Eduard Briem from Hothouse Creative, Nelson\n\n### References\nhttps://www.silverstripe.org/download/security-releases/CVE-2023-44401", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40552", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4058", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40501", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40582", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40545", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40574", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40543", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44401" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-44401.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-44401.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T14:40:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44401", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44401" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T14:40:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401" }, { "reference_url": "https://github.com/advisories/GHSA-jgph-w8rh-xf5p", "reference_id": "GHSA-jgph-w8rh-xf5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgph-w8rh-xf5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50226?format=api", "purl": "pkg:composer/silverstripe/graphql@4.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/50227?format=api", "purl": "pkg:composer/silverstripe/graphql@5.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.3" } ], "aliases": [ "CVE-2023-44401", "GHSA-jgph-w8rh-xf5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mvj-w9yw-kyac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19483?format=api", "vulnerability_id": "VCID-zaty-jxqd-hyb4", "summary": "Uncontrolled Resource Consumption\nsilverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71606", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71625", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71621", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.7161", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71587", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71576", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.71563", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40180" }, { "reference_url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40180", "reference_id": "CVE-2023-40180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40180" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180", "reference_id": "CVE-2023-40180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml", "reference_id": "CVE-2023-40180.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-v23w-pppm-jh66", "reference_id": "GHSA-v23w-pppm-jh66", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v23w-pppm-jh66" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66", "reference_id": "GHSA-v23w-pppm-jh66", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60602?format=api", "purl": "pkg:composer/silverstripe/graphql@4.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/627280?format=api", "purl": "pkg:composer/silverstripe/graphql@4.3.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60603?format=api", "purl": "pkg:composer/silverstripe/graphql@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/627284?format=api", "purl": "pkg:composer/silverstripe/graphql@5.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60604?format=api", "purl": "pkg:composer/silverstripe/graphql@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/627287?format=api", "purl": "pkg:composer/silverstripe/graphql@5.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.0-beta1" } ], "aliases": [ "CVE-2023-40180", "GHSA-v23w-pppm-jh66" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zaty-jxqd-hyb4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16817?format=api", "vulnerability_id": "VCID-688j-23f6-hbhj", "summary": "Allocation of Resources Without Limits or Throttling\n`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61555", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61723", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61708", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61754", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61713", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61745", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28104" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/526", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/526" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.2" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28104", "reference_id": "CVE-2023-28104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28104" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-28104", "reference_id": "CVE-2023-28104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-28104" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-28104.yaml", "reference_id": "CVE-2023-28104.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-28104.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-67g8-c724-8mp3", "reference_id": "GHSA-67g8-c724-8mp3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67g8-c724-8mp3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3", "reference_id": "GHSA-67g8-c724-8mp3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-67g8-c724-8mp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56462?format=api", "purl": "pkg:composer/silverstripe/graphql@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" }, { "vulnerability": "VCID-zaty-jxqd-hyb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/56463?format=api", "purl": "pkg:composer/silverstripe/graphql@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mvj-w9yw-kyac" }, { "vulnerability": "VCID-zaty-jxqd-hyb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.3" } ], "aliases": [ "CVE-2023-28104", "GHSA-67g8-c724-8mp3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-688j-23f6-hbhj" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.3" }