Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/silverstripe/graphql@3.5.2
purl pkg:composer/silverstripe/graphql@3.5.2
Next non-vulnerable version 3.8.2
Latest non-vulnerable version 5.1.3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-zaty-jxqd-hyb4
Aliases:
CVE-2023-40180
GHSA-v23w-pppm-jh66
Uncontrolled Resource Consumption silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
3.8.2
Affected by 0 other vulnerabilities.
4.0.0-alpha1
Affected by 1 other vulnerability.
4.1.3
Affected by 1 other vulnerability.
4.2.5
Affected by 1 other vulnerability.
4.3.0-rc1
Affected by 1 other vulnerability.
4.3.4
Affected by 1 other vulnerability.
5.0.0-alpha1
Affected by 0 other vulnerabilities.
5.0.3
Affected by 1 other vulnerability.
5.1.0-beta1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-414d-7bfm-kud7 Incorrect Authorization Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass. CVE-2021-28661
GHSA-r7rh-g777-g5gx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-12T00:00:25.472312+00:00 GitLab Importer Affected by VCID-zaty-jxqd-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2023-40180.yml 38.3.0
2026-04-11T22:45:16.012651+00:00 GitLab Importer Fixing VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.3.0
2026-04-03T00:03:26.305065+00:00 GitLab Importer Affected by VCID-zaty-jxqd-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2023-40180.yml 38.1.0
2026-04-02T22:55:12.078464+00:00 GitLab Importer Fixing VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.1.0
2026-04-02T16:58:19.228796+00:00 GHSA Importer Fixing VCID-414d-7bfm-kud7 https://github.com/advisories/GHSA-r7rh-g777-g5gx 38.1.0
2026-04-01T13:00:40.360583+00:00 GithubOSV Importer Fixing VCID-414d-7bfm-kud7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-r7rh-g777-g5gx/GHSA-r7rh-g777-g5gx.json 38.0.0
2026-04-01T12:48:54.803471+00:00 GitLab Importer Fixing VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.0.0