Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/81462?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/81462?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.3", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.2.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.3.5", "latest_non_vulnerable_version": "5.2.16", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340851?format=api", "vulnerability_id": "VCID-24hm-9rm5-f3dm", "summary": "Silverstripe Brute force bypass on default admin", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-005-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-005-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-005" }, { "reference_url": "https://github.com/advisories/GHSA-8v6m-7f5v-hhx6", "reference_id": "GHSA-8v6m-7f5v-hhx6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8v6m-7f5v-hhx6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "GHSA-8v6m-7f5v-hhx6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24hm-9rm5-f3dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13529?format=api", "vulnerability_id": "VCID-3497-71mw-yqh8", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55522", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56783?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56784?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/56785?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56786?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/56787?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/56788?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-8bkg-xn4y-nydr" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3497-71mw-yqh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137842?format=api", "vulnerability_id": "VCID-4mg2-rjsn-qyfx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "CVE-2019-12203.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74365?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74364?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10919?format=api", "vulnerability_id": "VCID-6e1y-7jj8-a7cw", "summary": "XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-004" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6e1y-7jj8-a7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137865?format=api", "vulnerability_id": "VCID-7kmy-8ht6-8fcw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74365?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74364?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74368?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10920?format=api", "vulnerability_id": "VCID-7me4-ggep-sbhj", "summary": "Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989" }, { "reference_url": "http://stackoverflow.com/a/15350123", "reference_id": "", "reference_type": "", "scores": [], "url": "http://stackoverflow.com/a/15350123" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-006" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7me4-ggep-sbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11065?format=api", "vulnerability_id": "VCID-7uum-b28k-nqbm", "summary": "XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-001/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-016/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uum-b28k-nqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11000?format=api", "vulnerability_id": "VCID-7wzc-kyxs-wbc2", "summary": "ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51817?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.10-stable", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-011" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wzc-kyxs-wbc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11271?format=api", "vulnerability_id": "VCID-91wy-94bg-bfc3", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52220?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52221?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91wy-94bg-bfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137866?format=api", "vulnerability_id": "VCID-9vwe-uejx-c3c5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36012", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74359?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4ywc-gcvd-73a9" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340850?format=api", "vulnerability_id": "VCID-a93f-g6rr-2bcz", "summary": "Silverstripe XSS in CMS Edit Page", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-004-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-004-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commits/3.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commits/3.3.2" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-004" }, { "reference_url": "https://github.com/advisories/GHSA-m8v7-x398-pxrf", "reference_id": "GHSA-m8v7-x398-pxrf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8v7-x398-pxrf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "GHSA-m8v7-x398-pxrf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a93f-g6rr-2bcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10997?format=api", "vulnerability_id": "VCID-a95a-ygek-hfby", "summary": "Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a95a-ygek-hfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11001?format=api", "vulnerability_id": "VCID-bexp-ws1g-1fdu", "summary": "Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-008" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bexp-ws1g-1fdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11004?format=api", "vulnerability_id": "VCID-d9he-ahd2-xkde", "summary": "Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9he-ahd2-xkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11303?format=api", "vulnerability_id": "VCID-eu6p-szkb-m7b1", "summary": "Cross-site Scripting\nThere is an XSS in SilverStripe CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "CVE-2017-5197", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52220?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52286?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52221?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52287?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eu6p-szkb-m7b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139230?format=api", "vulnerability_id": "VCID-k1aa-deyg-2kdg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57522", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1aa-deyg-2kdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139231?format=api", "vulnerability_id": "VCID-k6ed-y2ud-wffu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56678", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "CVE-2019-14273.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ed-y2ud-wffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10921?format=api", "vulnerability_id": "VCID-km94-727n-nfa6", "summary": "CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2015-029", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2015-029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2015-029" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-km94-727n-nfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10917?format=api", "vulnerability_id": "VCID-ku6h-zhz1-8ydr", "summary": "Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-005" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ku6h-zhz1-8ydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340852?format=api", "vulnerability_id": "VCID-kykm-f6zq-bbhr", "summary": "Silverstripe Missing CSRF protection in login form", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-006-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-006-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989" }, { "reference_url": "https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks/15350123#15350123", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks/15350123#15350123" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-006" }, { "reference_url": "https://github.com/advisories/GHSA-vj2j-6g3w-4662", "reference_id": "GHSA-vj2j-6g3w-4662", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vj2j-6g3w-4662" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "GHSA-vj2j-6g3w-4662" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kykm-f6zq-bbhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138126?format=api", "vulnerability_id": "VCID-m2bw-tabk-qyd8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "CVE-2019-12617.YAML", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12093?format=api", "vulnerability_id": "VCID-pq7w-n99a-q7cj", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43716", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/108959?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53884?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/108962?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53885?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/108963?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53886?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-jc9t-3hb5-z3g5" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq7w-n99a-q7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10999?format=api", "vulnerability_id": "VCID-u7hh-49t3-13df", "summary": "Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-014" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7hh-49t3-13df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10918?format=api", "vulnerability_id": "VCID-ud6e-smr7-vffw", "summary": "XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893" }, { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-001", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51629?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51628?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51631?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-287p-st1a-bygy" }, { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-4sg7-t89g-xuga" }, { "vulnerability": "VCID-6xct-esdm-m7a6" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a7pf-uwqr-9qb2" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d31b-9v7t-d7fu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-hgb3-kxxe-9ub7" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51630?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-67yd-mhz1-k3cd" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-7wzc-kyxs-wbc2" }, { "vulnerability": "VCID-8py4-rxgp-uqdh" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-a95a-ygek-hfby" }, { "vulnerability": "VCID-bexp-ws1g-1fdu" }, { "vulnerability": "VCID-d9he-ahd2-xkde" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-u7hh-49t3-13df" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-uww2-1x5r-ufc6" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2" } ], "aliases": [ "SS-2016-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud6e-smr7-vffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11066?format=api", "vulnerability_id": "VCID-upvz-qc95-nua2", "summary": "ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51946?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51947?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51948?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2" } ], "aliases": [ "SS-2016-010" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upvz-qc95-nua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11003?format=api", "vulnerability_id": "VCID-uww2-1x5r-ufc6", "summary": "XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.", "references": [ { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2016-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51814?format=api", "purl": "pkg:composer/silverstripe/framework@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51815?format=api", "purl": "pkg:composer/silverstripe/framework@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51816?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-7uum-b28k-nqbm" }, { "vulnerability": "VCID-91wy-94bg-bfc3" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-eu6p-szkb-m7b1" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-upvz-qc95-nua2" }, { "vulnerability": "VCID-vrv4-sy3z-jfe2" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-xazf-vmz5-r3dj" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/97166?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1" } ], "aliases": [ "SS-2016-015" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uww2-1x5r-ufc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11607?format=api", "vulnerability_id": "VCID-vrv4-sy3z-jfe2", "summary": "Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59419", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "CVE-2017-14498", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/105334?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53062?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrv4-sy3z-jfe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137844?format=api", "vulnerability_id": "VCID-x6g5-a61e-3khu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74358?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74360?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ywc-gcvd-73a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=api", "vulnerability_id": "VCID-xazf-vmz5-r3dj", "summary": "Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6047", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/106111?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53395?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/105334?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53062?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3497-71mw-yqh8" }, { "vulnerability": "VCID-4mg2-rjsn-qyfx" }, { "vulnerability": "VCID-7kmy-8ht6-8fcw" }, { "vulnerability": "VCID-9vwe-uejx-c3c5" }, { "vulnerability": "VCID-k1aa-deyg-2kdg" }, { "vulnerability": "VCID-k6ed-y2ud-wffu" }, { "vulnerability": "VCID-m2bw-tabk-qyd8" }, { "vulnerability": "VCID-pq7w-n99a-q7cj" }, { "vulnerability": "VCID-x6g5-a61e-3khu" }, { "vulnerability": "VCID-yxg1-dz91-ckgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xazf-vmz5-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13696?format=api", "vulnerability_id": "VCID-yxg1-dz91-ckgs", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41992", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145313?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jc9t-3hb5-z3g5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.3" }