Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/graphql@5.0.0-alpha1
Typecomposer
Namespacesilverstripe
Namegraphql
Version5.0.0-alpha1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version5.1.3
Latest_non_vulnerable_version5.1.3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-zaty-jxqd-hyb4
vulnerability_id VCID-zaty-jxqd-hyb4
summary 
Uncontrolled Resource Consumption
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40180
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71536
published_at 2026-04-07T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.71606
published_at 2026-04-21T12:55:00Z
2
value 0.0068
scoring_system epss
scoring_elements 0.71625
published_at 2026-04-18T12:55:00Z
3
value 0.0068
scoring_system epss
scoring_elements 0.71621
published_at 2026-04-16T12:55:00Z
4
value 0.0068
scoring_system epss
scoring_elements 0.71594
published_at 2026-04-12T12:55:00Z
5
value 0.0068
scoring_system epss
scoring_elements 0.7161
published_at 2026-04-11T12:55:00Z
6
value 0.0068
scoring_system epss
scoring_elements 0.71587
published_at 2026-04-09T12:55:00Z
7
value 0.0068
scoring_system epss
scoring_elements 0.71576
published_at 2026-04-13T12:55:00Z
8
value 0.0068
scoring_system epss
scoring_elements 0.71546
published_at 2026-04-02T12:55:00Z
9
value 0.0068
scoring_system epss
scoring_elements 0.71563
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40180
1
reference_url https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
4
reference_url https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40180
reference_id CVE-2023-40180
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40180
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-40180
reference_id CVE-2023-40180
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-40180
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml
reference_id CVE-2023-40180.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml
8
reference_url https://github.com/advisories/GHSA-v23w-pppm-jh66
reference_id GHSA-v23w-pppm-jh66
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v23w-pppm-jh66
9
reference_url https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
reference_id GHSA-v23w-pppm-jh66
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
fixed_packages
0
url pkg:composer/silverstripe/graphql@3.8.2
purl pkg:composer/silverstripe/graphql@3.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.2
1
url pkg:composer/silverstripe/graphql@4.0.0-alpha1
purl pkg:composer/silverstripe/graphql@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajga-3b99-yugh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha1
2
url pkg:composer/silverstripe/graphql@4.1.3
purl pkg:composer/silverstripe/graphql@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.3
3
url pkg:composer/silverstripe/graphql@4.2.5
purl pkg:composer/silverstripe/graphql@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.5
4
url pkg:composer/silverstripe/graphql@4.3.0-rc1
purl pkg:composer/silverstripe/graphql@4.3.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0-rc1
5
url pkg:composer/silverstripe/graphql@4.3.4
purl pkg:composer/silverstripe/graphql@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.4
6
url pkg:composer/silverstripe/graphql@5.0.0-alpha1
purl pkg:composer/silverstripe/graphql@5.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1
7
url pkg:composer/silverstripe/graphql@5.0.3
purl pkg:composer/silverstripe/graphql@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.3
8
url pkg:composer/silverstripe/graphql@5.1.0-beta1
purl pkg:composer/silverstripe/graphql@5.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mvj-w9yw-kyac
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.0-beta1
aliases CVE-2023-40180, GHSA-v23w-pppm-jh66
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zaty-jxqd-hyb4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1