Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2rbk-47h6-d7d8
Vulnerability ID VCID-2rbk-47h6-d7d8
Aliases CVE-2022-0227
GHSA-32m2-9f76-4gv8
Summary Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
Status Invalid
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-32m2-9f76-4gv8
cvssv3.1 4.3 https://github.com/silverstripe/silverstripe-framework
generic_textual MODERATE https://github.com/silverstripe/silverstripe-framework
cvssv3.1 4.3 https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
generic_textual MODERATE https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
cvssv3.1 4.3 https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
generic_textual MODERATE https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0227
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-0227
Reference id Reference type URL
https://github.com/silverstripe/silverstripe-framework
https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
CVE-2022-0227 https://nvd.nist.gov/vuln/detail/CVE-2022-0227
GHSA-32m2-9f76-4gv8 https://github.com/advisories/GHSA-32m2-9f76-4gv8
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/silverstripe/silverstripe-framework
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0227
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-04-03T14:54:18.591828+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2022-0227 38.1.0
2026-04-01T12:49:22.710375+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/secureassets/CVE-2022-0227.yml 38.0.0