Search for packages
| purl | pkg:composer/silverstripe/framework@3.5.5-rc1 |
| Tags | Ghost |
| Next non-vulnerable version | 5.3.23 |
| Latest non-vulnerable version | 6.0.0-alpha1 |
| Risk | 1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pffp-vtk7-pqby
Aliases: GHSA-vh7q-j8p5-2h4h |
silverstripe/framework sends passwords back to browsers under some circumstances Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions. |
Affected by 30 other vulnerabilities. Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:39:21.665838+00:00 | GitLab Importer | Affected by | VCID-pffp-vtk7-pqby | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-vh7q-j8p5-2h4h.yml | 38.0.0 |
| 2026-04-01T16:05:31.761728+00:00 | GHSA Importer | Affected by | VCID-pffp-vtk7-pqby | https://github.com/advisories/GHSA-vh7q-j8p5-2h4h | 38.0.0 |