Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-unqm-76fg-3fct

Summary

Queued jobs serialised data exposure
SavedJobData and SavedJobMessages contain php serialized data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialize. This issue has been resolved by hiding this content, even from administrators.

Aliases

alias	SS-2015-024

Fixed_packages

url pkg:composer/silverstripe/cms@3.0.2.1

purl pkg:composer/silverstripe/cms@3.0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-qdtk-twxp-2kbv

vulnerability	VCID-rbft-1w3r-3ub7

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.2.1

url pkg:composer/silverstripe/cms@3.0.10

purl pkg:composer/silverstripe/cms@3.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-qdtk-twxp-2kbv

vulnerability	VCID-rbft-1w3r-3ub7

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.10

Affected_packages

url pkg:composer/silverstripe/cms@2.4.9

purl pkg:composer/silverstripe/cms@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-unqm-76fg-3fct

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.9

url pkg:composer/silverstripe/cms@2.4.10

purl pkg:composer/silverstripe/cms@2.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-unqm-76fg-3fct

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.10

url pkg:composer/silverstripe/cms@2.4.11

purl pkg:composer/silverstripe/cms@2.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-unqm-76fg-3fct

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.11

url pkg:composer/silverstripe/cms@2.4.12

purl pkg:composer/silverstripe/cms@2.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-unqm-76fg-3fct

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.12

url pkg:composer/silverstripe/cms@2.4.13

purl pkg:composer/silverstripe/cms@2.4.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-g366-c4n9-vfcs

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-jdyv-jdju-kbb2

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-unqm-76fg-3fct

vulnerability	VCID-wpu5-3h5v-wuhj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.13

References

reference_url	http://www.silverstripe.org/download/security-releases/SS-2015-024
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/SS-2015-024

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unqm-76fg-3fct

Vulnerability Instance