Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/reports@3.6.1-alpha2

Type composer

Namespace silverstripe

Name reports

Version 3.6.1-alpha2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.3

Latest_non_vulnerable_version 5.2.3

Affected_by_vulnerabilities

url VCID-9nv5-rujh-r7ck

vulnerability_id VCID-9nv5-rujh-r7ck

summary silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-29885

reference_id

reference_type

scores

value	0.00543
scoring_system	epss
scoring_elements	0.68248
published_at	2026-06-12T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.6816
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-29885

reference_url

https://github.com/silverstripe/silverstripe-reports

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-reports

reference_url

https://github.com/silverstripe/silverstripe-reports/commit/0351106c18ad4246d983b5f4e082c09c382121f4

reference_id

0351106c18ad4246d983b5f4e082c09c382121f4

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:54:52Z/

url

https://github.com/silverstripe/silverstripe-reports/commit/0351106c18ad4246d983b5f4e082c09c382121f4

reference_url

https://www.silverstripe.org/download/security-releases/cve-2024-29885

reference_id

cve-2024-29885

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:54:52Z/

url

https://www.silverstripe.org/download/security-releases/cve-2024-29885

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-29885

reference_id

CVE-2024-29885

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-29885

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/reports/CVE-2024-29885.yaml

reference_id

CVE-2024-29885.YAML

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/reports/CVE-2024-29885.yaml

reference_url

https://github.com/advisories/GHSA-89q6-98xx-4ffw

reference_id

GHSA-89q6-98xx-4ffw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89q6-98xx-4ffw

reference_url

https://github.com/silverstripe/silverstripe-reports/security/advisories/GHSA-89q6-98xx-4ffw

reference_id

GHSA-89q6-98xx-4ffw

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:54:52Z/

url

https://github.com/silverstripe/silverstripe-reports/security/advisories/GHSA-89q6-98xx-4ffw

fixed_packages

url	pkg:composer/silverstripe/reports@5.2.3
purl	pkg:composer/silverstripe/reports@5.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/reports@5.2.3

aliases CVE-2024-29885, GHSA-89q6-98xx-4ffw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nv5-rujh-r7ck

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/reports@3.6.1-alpha2

Package Instance