Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/cms@3.0.0
Typecomposer
Namespacesilverstripe
Namecms
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.11.3
Latest_non_vulnerable_version4.11.3
Affected_by_vulnerabilities
0
url VCID-qdtk-twxp-2kbv
vulnerability_id VCID-qdtk-twxp-2kbv
summary 
Incorrect Permission Assignment for Critical Resource
SiteTree Creation Permission Vulnerability in silverstripe.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/
fixed_packages
0
url pkg:composer/silverstripe/cms@3.0.12
purl pkg:composer/silverstripe/cms@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-658d-vmwt-f7e8
2
vulnerability VCID-c3vp-kc9a-vkhn
3
vulnerability VCID-g366-c4n9-vfcs
4
vulnerability VCID-gme6-wj87-ekfw
5
vulnerability VCID-j6ze-f76y-cqgy
6
vulnerability VCID-jdyv-jdju-kbb2
7
vulnerability VCID-kdyk-rrrr-pufw
8
vulnerability VCID-kz63-ftzc-tudk
9
vulnerability VCID-wpu5-3h5v-wuhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.12
1
url pkg:composer/silverstripe/cms@3.1.11
purl pkg:composer/silverstripe/cms@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-658d-vmwt-f7e8
2
vulnerability VCID-agbu-v7vd-fyc8
3
vulnerability VCID-c3vp-kc9a-vkhn
4
vulnerability VCID-g366-c4n9-vfcs
5
vulnerability VCID-gme6-wj87-ekfw
6
vulnerability VCID-j6ze-f76y-cqgy
7
vulnerability VCID-jdyv-jdju-kbb2
8
vulnerability VCID-kdyk-rrrr-pufw
9
vulnerability VCID-kz63-ftzc-tudk
10
vulnerability VCID-mr46-bvjx-n7ar
11
vulnerability VCID-qjey-bhrt-kud4
12
vulnerability VCID-wpu5-3h5v-wuhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.11
2
url pkg:composer/silverstripe/cms@3.1.13-rc1
purl pkg:composer/silverstripe/cms@3.1.13-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-658d-vmwt-f7e8
2
vulnerability VCID-agbu-v7vd-fyc8
3
vulnerability VCID-c3vp-kc9a-vkhn
4
vulnerability VCID-g366-c4n9-vfcs
5
vulnerability VCID-gme6-wj87-ekfw
6
vulnerability VCID-j6ze-f76y-cqgy
7
vulnerability VCID-jdyv-jdju-kbb2
8
vulnerability VCID-kdyk-rrrr-pufw
9
vulnerability VCID-kz63-ftzc-tudk
10
vulnerability VCID-mr46-bvjx-n7ar
11
vulnerability VCID-qjey-bhrt-kud4
12
vulnerability VCID-wpu5-3h5v-wuhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.13-rc1
aliases SS-2015-008-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdtk-twxp-2kbv
1
url VCID-rbft-1w3r-3ub7
vulnerability_id VCID-rbft-1w3r-3ub7
summary 
Silverstripe SiteTree Creation Permission Vulnerability
A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system.

This vulnerability will allow users, or unauthenticated guests, to create new SiteTree objects in the database. This vulnerability is present when such users are given CMS access via other means, or if there is another mechanism (such as RestfulServer module) which allows model editing and relies on model-level permission checks.

This vulnerability is restricted to the creation of draft or live pages, and does not allow users to edit, publish, or unpublish existing pages.

All users should upgrade as soon as possible.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/SS-2015-008-1.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/SS-2015-008-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
2
reference_url https://github.com/silverstripe/silverstripe-cms/commit/3df41e1176385215f15fffb04fcba033a5151fb4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms/commit/3df41e1176385215f15fffb04fcba033a5151fb4
3
reference_url https://github.com/silverstripe/silverstripe-cms/commit/64955e57d1239975183f47d3ac8c3e801ddbf122
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms/commit/64955e57d1239975183f47d3ac8c3e801ddbf122
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability
5
reference_url https://github.com/advisories/GHSA-3mm9-2p44-rw39
reference_id GHSA-3mm9-2p44-rw39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mm9-2p44-rw39
fixed_packages
0
url pkg:composer/silverstripe/cms@3.0.12
purl pkg:composer/silverstripe/cms@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-658d-vmwt-f7e8
2
vulnerability VCID-c3vp-kc9a-vkhn
3
vulnerability VCID-g366-c4n9-vfcs
4
vulnerability VCID-gme6-wj87-ekfw
5
vulnerability VCID-j6ze-f76y-cqgy
6
vulnerability VCID-jdyv-jdju-kbb2
7
vulnerability VCID-kdyk-rrrr-pufw
8
vulnerability VCID-kz63-ftzc-tudk
9
vulnerability VCID-wpu5-3h5v-wuhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.12
1
url pkg:composer/silverstripe/cms@3.1.11
purl pkg:composer/silverstripe/cms@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-658d-vmwt-f7e8
2
vulnerability VCID-agbu-v7vd-fyc8
3
vulnerability VCID-c3vp-kc9a-vkhn
4
vulnerability VCID-g366-c4n9-vfcs
5
vulnerability VCID-gme6-wj87-ekfw
6
vulnerability VCID-j6ze-f76y-cqgy
7
vulnerability VCID-jdyv-jdju-kbb2
8
vulnerability VCID-kdyk-rrrr-pufw
9
vulnerability VCID-kz63-ftzc-tudk
10
vulnerability VCID-mr46-bvjx-n7ar
11
vulnerability VCID-qjey-bhrt-kud4
12
vulnerability VCID-wpu5-3h5v-wuhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.11
aliases GHSA-3mm9-2p44-rw39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbft-1w3r-3ub7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.0