Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dgke-xzhn-dkg5
Summary
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default configuration. Since allowed_extensions are synced to webserver configuration (in assets/.htaccess) automatically, this will also deny access to any existing uploads with these extensions.

Review our security guidelines for the Common Web Platform and the File Security guide for SilverStripe 4 to find out how to add or remove extensions.
Aliases
0
alias GHSA-vcg6-8fxc-x5cq
Fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.6
purl pkg:composer/silverstripe/framework@3.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.6
1
url pkg:composer/silverstripe/framework@4.0.4
purl pkg:composer/silverstripe/framework@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-c75p-3hdz-q3b6
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-cfgg-fgjt-z3hn
15
vulnerability VCID-d5q3-jrdb-euav
16
vulnerability VCID-dc9y-v257-6bhf
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-ftdr-uzuh-8ybc
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-gme6-wj87-ekfw
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kd3t-2gzd-q3hq
24
vulnerability VCID-kgm4-g26x-gken
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-kxyq-vg6e-6uac
29
vulnerability VCID-m8w1-g9h9-vuce
30
vulnerability VCID-p2kq-rkh6-ayeu
31
vulnerability VCID-pq29-qe7h-tkcp
32
vulnerability VCID-qak9-2t7g-w3fv
33
vulnerability VCID-qjgf-hxng-j3g9
34
vulnerability VCID-qm38-1cwk-b3hq
35
vulnerability VCID-tc2y-zrea-vyb2
36
vulnerability VCID-u49v-31sv-eqc3
37
vulnerability VCID-ua49-snhx-dqa4
38
vulnerability VCID-w4fh-cpaq-nqat
39
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4
2
url pkg:composer/silverstripe/framework@4.1.1
purl pkg:composer/silverstripe/framework@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-658d-vmwt-f7e8
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-ftdr-uzuh-8ybc
21
vulnerability VCID-fyxa-vzeq-ubeq
22
vulnerability VCID-gme6-wj87-ekfw
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kd3t-2gzd-q3hq
25
vulnerability VCID-kgm4-g26x-gken
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-kxyq-vg6e-6uac
30
vulnerability VCID-m8w1-g9h9-vuce
31
vulnerability VCID-p2kq-rkh6-ayeu
32
vulnerability VCID-pq29-qe7h-tkcp
33
vulnerability VCID-qak9-2t7g-w3fv
34
vulnerability VCID-qjgf-hxng-j3g9
35
vulnerability VCID-qm38-1cwk-b3hq
36
vulnerability VCID-tc2y-zrea-vyb2
37
vulnerability VCID-u49v-31sv-eqc3
38
vulnerability VCID-ua49-snhx-dqa4
39
vulnerability VCID-w4fh-cpaq-nqat
40
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1
Affected_packages
0
url pkg:composer/silverstripe/framework@3.6.5-rc1
purl pkg:composer/silverstripe/framework@3.6.5-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dgke-xzhn-dkg5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.5-rc1
1
url pkg:composer/silverstripe/framework@3.6.5
purl pkg:composer/silverstripe/framework@3.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-dgke-xzhn-dkg5
15
vulnerability VCID-eddc-w9wx-c3gq
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-ff5q-59gf-nugg
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-kak1-btjp-kqgz
21
vulnerability VCID-kvhv-9fj5-7kgk
22
vulnerability VCID-kw9p-5fbc-hudg
23
vulnerability VCID-kxa8-dmva-ayff
24
vulnerability VCID-p2kq-rkh6-ayeu
25
vulnerability VCID-pffp-vtk7-pqby
26
vulnerability VCID-pq29-qe7h-tkcp
27
vulnerability VCID-qm38-1cwk-b3hq
28
vulnerability VCID-tc2y-zrea-vyb2
29
vulnerability VCID-tm1s-2m92-uyh9
30
vulnerability VCID-u49v-31sv-eqc3
31
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.5
2
url pkg:composer/silverstripe/framework@3.6.6-rc1
purl pkg:composer/silverstripe/framework@3.6.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-dgke-xzhn-dkg5
15
vulnerability VCID-eddc-w9wx-c3gq
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-ff5q-59gf-nugg
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-kak1-btjp-kqgz
21
vulnerability VCID-kvhv-9fj5-7kgk
22
vulnerability VCID-kw9p-5fbc-hudg
23
vulnerability VCID-kxa8-dmva-ayff
24
vulnerability VCID-p2kq-rkh6-ayeu
25
vulnerability VCID-pffp-vtk7-pqby
26
vulnerability VCID-pq29-qe7h-tkcp
27
vulnerability VCID-qm38-1cwk-b3hq
28
vulnerability VCID-tc2y-zrea-vyb2
29
vulnerability VCID-tm1s-2m92-uyh9
30
vulnerability VCID-u49v-31sv-eqc3
31
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.6-rc1
3
url pkg:composer/silverstripe/framework@4.0.3-rc1
purl pkg:composer/silverstripe/framework@4.0.3-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b9th-m3ys-7bat
1
vulnerability VCID-dgke-xzhn-dkg5
2
vulnerability VCID-pffp-vtk7-pqby
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.3-rc1
4
url pkg:composer/silverstripe/framework@4.0.3
purl pkg:composer/silverstripe/framework@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-b9th-m3ys-7bat
13
vulnerability VCID-bdcq-z11u-zyh5
14
vulnerability VCID-c75p-3hdz-q3b6
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-cfgg-fgjt-z3hn
17
vulnerability VCID-d5q3-jrdb-euav
18
vulnerability VCID-dc9y-v257-6bhf
19
vulnerability VCID-dgke-xzhn-dkg5
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-gme6-wj87-ekfw
26
vulnerability VCID-jx5m-bqc6-h3bv
27
vulnerability VCID-kak1-btjp-kqgz
28
vulnerability VCID-kd3t-2gzd-q3hq
29
vulnerability VCID-kgm4-g26x-gken
30
vulnerability VCID-kvhv-9fj5-7kgk
31
vulnerability VCID-kw9p-5fbc-hudg
32
vulnerability VCID-kxa8-dmva-ayff
33
vulnerability VCID-kxyq-vg6e-6uac
34
vulnerability VCID-m8w1-g9h9-vuce
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p554-wkxw-gfdh
37
vulnerability VCID-pffp-vtk7-pqby
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qak9-2t7g-w3fv
40
vulnerability VCID-qjgf-hxng-j3g9
41
vulnerability VCID-qm38-1cwk-b3hq
42
vulnerability VCID-tc2y-zrea-vyb2
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ua49-snhx-dqa4
45
vulnerability VCID-w4fh-cpaq-nqat
46
vulnerability VCID-xnb4-zjws-vuhu
47
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.3
5
url pkg:composer/silverstripe/framework@4.1.0-rc1
purl pkg:composer/silverstripe/framework@4.1.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-b9th-m3ys-7bat
13
vulnerability VCID-bdcq-z11u-zyh5
14
vulnerability VCID-c75p-3hdz-q3b6
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-cfgg-fgjt-z3hn
17
vulnerability VCID-d5q3-jrdb-euav
18
vulnerability VCID-dc9y-v257-6bhf
19
vulnerability VCID-dgke-xzhn-dkg5
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-gme6-wj87-ekfw
26
vulnerability VCID-jx5m-bqc6-h3bv
27
vulnerability VCID-kak1-btjp-kqgz
28
vulnerability VCID-kd3t-2gzd-q3hq
29
vulnerability VCID-kgm4-g26x-gken
30
vulnerability VCID-kvhv-9fj5-7kgk
31
vulnerability VCID-kw9p-5fbc-hudg
32
vulnerability VCID-kxa8-dmva-ayff
33
vulnerability VCID-kxyq-vg6e-6uac
34
vulnerability VCID-m8w1-g9h9-vuce
35
vulnerability VCID-p554-wkxw-gfdh
36
vulnerability VCID-pffp-vtk7-pqby
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qak9-2t7g-w3fv
39
vulnerability VCID-qjgf-hxng-j3g9
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-u49v-31sv-eqc3
43
vulnerability VCID-ua49-snhx-dqa4
44
vulnerability VCID-w4fh-cpaq-nqat
45
vulnerability VCID-xnb4-zjws-vuhu
46
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0-rc1
6
url pkg:composer/silverstripe/framework@4.1.0-rc2
purl pkg:composer/silverstripe/framework@4.1.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-b9th-m3ys-7bat
13
vulnerability VCID-bdcq-z11u-zyh5
14
vulnerability VCID-c75p-3hdz-q3b6
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-cfgg-fgjt-z3hn
17
vulnerability VCID-d5q3-jrdb-euav
18
vulnerability VCID-dc9y-v257-6bhf
19
vulnerability VCID-dgke-xzhn-dkg5
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-gme6-wj87-ekfw
26
vulnerability VCID-jx5m-bqc6-h3bv
27
vulnerability VCID-kak1-btjp-kqgz
28
vulnerability VCID-kd3t-2gzd-q3hq
29
vulnerability VCID-kgm4-g26x-gken
30
vulnerability VCID-kvhv-9fj5-7kgk
31
vulnerability VCID-kw9p-5fbc-hudg
32
vulnerability VCID-kxa8-dmva-ayff
33
vulnerability VCID-kxyq-vg6e-6uac
34
vulnerability VCID-m8w1-g9h9-vuce
35
vulnerability VCID-p554-wkxw-gfdh
36
vulnerability VCID-pffp-vtk7-pqby
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qak9-2t7g-w3fv
39
vulnerability VCID-qjgf-hxng-j3g9
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-u49v-31sv-eqc3
43
vulnerability VCID-ua49-snhx-dqa4
44
vulnerability VCID-w4fh-cpaq-nqat
45
vulnerability VCID-xnb4-zjws-vuhu
46
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0-rc2
7
url pkg:composer/silverstripe/framework@4.1.0
purl pkg:composer/silverstripe/framework@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-658d-vmwt-f7e8
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ajga-3b99-yugh
12
vulnerability VCID-axxx-gpfn-mqc9
13
vulnerability VCID-b9th-m3ys-7bat
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c75p-3hdz-q3b6
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cfgg-fgjt-z3hn
18
vulnerability VCID-d5q3-jrdb-euav
19
vulnerability VCID-dc9y-v257-6bhf
20
vulnerability VCID-dgke-xzhn-dkg5
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ff5q-59gf-nugg
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-ftdr-uzuh-8ybc
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-gme6-wj87-ekfw
27
vulnerability VCID-jx5m-bqc6-h3bv
28
vulnerability VCID-kak1-btjp-kqgz
29
vulnerability VCID-kd3t-2gzd-q3hq
30
vulnerability VCID-kgm4-g26x-gken
31
vulnerability VCID-kvhv-9fj5-7kgk
32
vulnerability VCID-kw9p-5fbc-hudg
33
vulnerability VCID-kxa8-dmva-ayff
34
vulnerability VCID-kxyq-vg6e-6uac
35
vulnerability VCID-m8w1-g9h9-vuce
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p554-wkxw-gfdh
38
vulnerability VCID-pffp-vtk7-pqby
39
vulnerability VCID-pq29-qe7h-tkcp
40
vulnerability VCID-qak9-2t7g-w3fv
41
vulnerability VCID-qjgf-hxng-j3g9
42
vulnerability VCID-qm38-1cwk-b3hq
43
vulnerability VCID-tc2y-zrea-vyb2
44
vulnerability VCID-u49v-31sv-eqc3
45
vulnerability VCID-ua49-snhx-dqa4
46
vulnerability VCID-w4fh-cpaq-nqat
47
vulnerability VCID-xnb4-zjws-vuhu
48
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-014-1.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-014-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/0408048653fafc52e02b4dbc6288e14e634ac613
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/0408048653fafc52e02b4dbc6288e14e634ac613
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-014
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-014
4
reference_url https://github.com/advisories/GHSA-vcg6-8fxc-x5cq
reference_id GHSA-vcg6-8fxc-x5cq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcg6-8fxc-x5cq
Weaknesses
0
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgke-xzhn-dkg5