VulnerableCode Package Details - pkg:composer/silverstripe/cms@3.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-qdtk-twxp-2kbv Aliases: SS-2015-008-1	Incorrect Permission Assignment for Critical Resource SiteTree Creation Permission Vulnerability in silverstripe.	3.0.12 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.11 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.13-rc1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rbft-1w3r-3ub7 Aliases: GHSA-3mm9-2p44-rw39	Silverstripe SiteTree Creation Permission Vulnerability A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to create new SiteTree objects in the database. This vulnerability is present when such users are given CMS access via other means, or if there is another mechanism (such as RestfulServer module) which allows model editing and relies on model-level permission checks. This vulnerability is restricted to the creation of draft or live pages, and does not allow users to edit, publish, or unpublish existing pages. All users should upgrade as soon as possible.	3.0.12 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.11 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-qdtk-twxp-2kbv
Aliases:
SS-2015-008-1

Incorrect Permission Assignment for Critical Resource SiteTree Creation Permission Vulnerability in silverstripe.

3.0.12
Affected by 10 other vulnerabilities.

3.1.11
Affected by 13 other vulnerabilities.

3.1.13-rc1
Affected by 13 other vulnerabilities.

VCID-rbft-1w3r-3ub7
Aliases:
GHSA-3mm9-2p44-rw39

Silverstripe SiteTree Creation Permission Vulnerability A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to create new SiteTree objects in the database. This vulnerability is present when such users are given CMS access via other means, or if there is another mechanism (such as RestfulServer module) which allows model editing and relies on model-level permission checks. This vulnerability is restricted to the creation of draft or live pages, and does not allow users to edit, publish, or unpublish existing pages. All users should upgrade as soon as possible.

3.0.12
Affected by 10 other vulnerabilities.

3.1.11
Affected by 13 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:39:19.436047+00:00	GitLab Importer	Affected by	VCID-rbft-1w3r-3ub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/cms/GHSA-3mm9-2p44-rw39.yml	38.0.0
2026-04-01T16:05:28.089618+00:00	GHSA Importer	Affected by	VCID-rbft-1w3r-3ub7	https://github.com/advisories/GHSA-3mm9-2p44-rw39	38.0.0
2026-04-01T12:46:56.542405+00:00	GitLab Importer	Affected by	VCID-qdtk-twxp-2kbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/cms/SS-2015-008-1.yml	38.0.0