Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/77692?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/77692?format=api", "purl": "pkg:composer/silverstripe/graphql@3.3.0", "type": "composer", "namespace": "silverstripe", "name": "graphql", "version": "3.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.8.2", "latest_non_vulnerable_version": "5.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46213?format=api", "vulnerability_id": "VCID-3t8k-6f9c-yue7", "summary": "Uncontrolled Resource Consumption\nsilverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69884", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69876", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40180" }, { "reference_url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40180", "reference_id": "CVE-2023-40180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40180" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180", "reference_id": "CVE-2023-40180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml", "reference_id": "CVE-2023-40180.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-v23w-pppm-jh66", "reference_id": "GHSA-v23w-pppm-jh66", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v23w-pppm-jh66" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66", "reference_id": "GHSA-v23w-pppm-jh66", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67352?format=api", "purl": "pkg:composer/silverstripe/graphql@3.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/681357?format=api", "purl": "pkg:composer/silverstripe/graphql@4.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67353?format=api", "purl": "pkg:composer/silverstripe/graphql@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/67354?format=api", "purl": "pkg:composer/silverstripe/graphql@4.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/681365?format=api", "purl": "pkg:composer/silverstripe/graphql@4.3.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67355?format=api", "purl": "pkg:composer/silverstripe/graphql@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/681369?format=api", "purl": "pkg:composer/silverstripe/graphql@5.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67356?format=api", "purl": "pkg:composer/silverstripe/graphql@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/681372?format=api", "purl": "pkg:composer/silverstripe/graphql@5.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fx1q-f6zv-1ka1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.0-beta1" } ], "aliases": [ "CVE-2023-40180", "GHSA-v23w-pppm-jh66" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3t8k-6f9c-yue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54588?format=api", "vulnerability_id": "VCID-qmfy-dxag-uuex", "summary": "Improper Authentication\nIn SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4423", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44223", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44155", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "CVE-2020-26136", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "CVE-2020-26136", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": 
"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80990?format=api", "purl": "pkg:composer/silverstripe/graphql@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3t8k-6f9c-yue7" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-sg62-98yy-2kd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/526377?format=api", "purl": "pkg:composer/silverstripe/graphql@3.6.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3t8k-6f9c-yue7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80991?format=api", "purl": "pkg:composer/silverstripe/graphql@4.0.0-alpha2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha2" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41544?format=api", "vulnerability_id": "VCID-sg62-98yy-2kd7", "summary": "Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": 
"0.37844", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37842", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37751", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" }, { "reference_url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx", "reference_id": "GHSA-r7rh-g777-g5gx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59235?format=api", "purl": "pkg:composer/silverstripe/graphql@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3t8k-6f9c-yue7" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.2" } ], "aliases": [ "CVE-2021-28661", "GHSA-r7rh-g777-g5gx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52803?format=api", "vulnerability_id": "VCID-cr1v-ycfc-2qg2", "summary": "Incorrect Default Permissions\nThe automatic permission-checking mechanism in the `silverstripe/graphql` module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the `admin/graphql` endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through `admin/graphql` requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under `/graphql`), this vulnerability could also be exploited through unauthenticated requests. 
This vulnerability only applies to reading records; it does not allow unauthorised changing of records.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36526", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36535", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36432", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6165" }, { "reference_url": "https://docs.silverstripe.org/en/4/changelogs/4.5.3/?_ga=2.170693920.105499209.1689776417-708940272.1689776417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/4/changelogs/4.5.3/?_ga=2.170693920.105499209.1689776417-708940272.1689776417" }, { "reference_url": "https://docs.silverstripe.org/en/4/changelogs/4.6.0/?_ga=2.170693920.105499209.1689776417-708940272.1689776417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/4/changelogs/4.6.0/?_ga=2.170693920.105499209.1689776417-708940272.1689776417" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-6165.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-6165.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6165", "reference_id": "CVE-2020-6165", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6165" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165", "reference_id": "CVE-2020-6165", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165" }, { "reference_url": "https://github.com/advisories/GHSA-589q-75r3-mfq4", "reference_id": "GHSA-589q-75r3-mfq4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-589q-75r3-mfq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153037?format=api", "purl": "pkg:composer/silverstripe/graphql@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3t8k-6f9c-yue7" }, { "vulnerability": "VCID-cr1v-ycfc-2qg2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-sg62-98yy-2kd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/77692?format=api", "purl": "pkg:composer/silverstripe/graphql@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-3t8k-6f9c-yue7" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-sg62-98yy-2kd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/77693?format=api", "purl": "pkg:composer/silverstripe/graphql@4.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.5.3" } ], "aliases": [ "CVE-2020-6165", "GHSA-589q-75r3-mfq4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr1v-ycfc-2qg2" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.3.0" }