{"url":"http://public2.vulnerablecode.io/api/packages/22303?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0-alpha","type":"composer","namespace":"silverstripe","name":"framework","version":"3.3.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.3.23","latest_non_vulnerable_version":"6.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7385?format=json","vulnerability_id":"VCID-6j2p-tzvx-9bdj","summary":"Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989"},{"reference_url":"http://stackoverflow.com/a/15350123","reference_id":"","reference_type":"","scores":[],"url":"http://stackoverflow.com/a/15350123"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulner
ability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vul
nerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vul
nerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j2p-tzvx-9bdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7386?format=json","vulnerability_id":"VCID-dgn7-zmwr-u3c6","summary":"CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-029","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulner
ability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vul
nerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vul
nerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2015-029"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgn7-zmwr-u3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7382?format=json","vulnerability_id":"VCID-tuwu-cznx-jqdb","summary":"XSS in CMSController BackURL\nAn XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-001","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-
kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-41
4d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zx
mh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuwu-cznx-jqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7381?format=json","vulnerability_id":"VCID-wazt-hn99-qkdk","summary":"Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-005","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerabilit
y":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerabi
lity":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerabi
lity":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wazt-hn99-qkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7384?format=json","vulnerability_id":"VCID-zgy5-8cgd-gqhm","summary":"XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-004","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vul
nerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"
vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"
resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgy5-8cgd-gqhm"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-alpha"}