Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/19770?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19770?format=api", "vulnerability_id": "VCID-6xwk-ee7f-5ubd", "summary": "silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms\nWhen accessing the `install.php` script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the `value` property of the password fields.", "aliases": [ { "alias": "GHSA-r3pr-fh25-wrfc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26306?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145600?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/193718?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/193719?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0-rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26303?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/167507?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-010" }, { "reference_url": "https://github.com/advisories/GHSA-r3pr-fh25-wrfc", "reference_id": "GHSA-r3pr-fh25-wrfc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3pr-fh25-wrfc" } ], "weaknesses": [ { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xwk-ee7f-5ubd" }