Search for packages
| purl | pkg:composer/silverstripe/framework@3.7.0-rc1 |
| Tags | Ghost |
| Next non-vulnerable version | 5.3.23 |
| Latest non-vulnerable version | 6.0.0-alpha1 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qak9-2t7g-w3fv
Aliases: GHSA-m2hh-2m46-x6j5 |
silverstripe/framework may disclose database credentials during connection failure When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur. |
Affected by 29 other vulnerabilities. Affected by 38 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 39 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:39:22.949879+00:00 | GitLab Importer | Affected by | VCID-qak9-2t7g-w3fv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-m2hh-2m46-x6j5.yml | 38.0.0 |
| 2026-04-01T16:05:31.985137+00:00 | GHSA Importer | Affected by | VCID-qak9-2t7g-w3fv | https://github.com/advisories/GHSA-m2hh-2m46-x6j5 | 38.0.0 |