| purl | pkg:composer/silverstripe/framework@3.5.7-rc1 |
| Tags | Ghost |
| Next non-vulnerable version | 5.3.23 |
| Latest non-vulnerable version | 6.0.0-alpha1 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-ff5q-59gf-nugg (Aliases: GHSA-xpff-c35g-j3cr) | silverstripe/framework Privilege Escalation Risk in Member Edit form. A member with the permission `EDIT_PERMISSIONS` and access to the "Security" section is able to re-assign themselves (or another member) to `ADMIN` level. CMS fields for the member are constructed using the `DirectGroups` relation instead of the `Groups` relation, which bypasses the security logic that prevents privilege escalation. | Affected by 30 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:39:22.284844+00:00 | GitLab Importer | Affected by | VCID-ff5q-59gf-nugg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-xpff-c35g-j3cr.yml | 38.0.0 |
| 2026-04-01T16:05:31.452319+00:00 | GHSA Importer | Affected by | VCID-ff5q-59gf-nugg | https://github.com/advisories/GHSA-xpff-c35g-j3cr | 38.0.0 |