Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/cms@3.1.18-rc2
Typecomposer
Namespacesilverstripe
Namecms
Version3.1.18-rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.11.3
Latest_non_vulnerable_version4.11.3
Affected_by_vulnerabilities
0
url VCID-2s8q-qgpm-cqh7
vulnerability_id VCID-2s8q-qgpm-cqh7
summary 
Unrestricted Upload of File with Dangerous Type
Silverstripe CMS can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
reference_id
reference_type
scores
0
value 0.00727
scoring_system epss
scoring_elements 0.7299
published_at 2026-06-04T12:55:00Z
1
value 0.00727
scoring_system epss
scoring_elements 0.73017
published_at 2026-06-07T12:55:00Z
2
value 0.00727
scoring_system epss
scoring_elements 0.73034
published_at 2026-06-06T12:55:00Z
3
value 0.00727
scoring_system epss
scoring_elements 0.73027
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
1
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
reference_id CVE-2020-9309
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
3
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
reference_id CVE-2020-9309
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
4
reference_url https://github.com/advisories/GHSA-h77w-655f-6j3m
reference_id GHSA-h77w-655f-6j3m
reference_type
scores
url https://github.com/advisories/GHSA-h77w-655f-6j3m
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9309, GHSA-h77w-655f-6j3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s8q-qgpm-cqh7
1
url VCID-3x46-q9cb-7ubg
vulnerability_id VCID-3x46-q9cb-7ubg
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60547
published_at 2026-06-07T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60505
published_at 2026-06-04T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60553
published_at 2026-06-05T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.60559
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
3
reference_url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
reference_id GHSA-fwhr-g5r4-xgxf
reference_type
scores
url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
fixed_packages
0
url pkg:composer/silverstripe/cms@3.5.5
purl pkg:composer/silverstripe/cms@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-b95v-49p7-fkas
2
vulnerability VCID-umhc-fdfh-1fdx
3
vulnerability VCID-ytbc-8mhd-b3fc
4
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.5.5
1
url pkg:composer/silverstripe/cms@3.6.1
purl pkg:composer/silverstripe/cms@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-ytbc-8mhd-b3fc
3
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg
2
url VCID-b95v-49p7-fkas
vulnerability_id VCID-b95v-49p7-fkas
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59501
published_at 2026-06-06T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-04T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59498
published_at 2026-06-05T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.59492
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
6
reference_url https://github.com/advisories/GHSA-j696-6m57-mcrv
reference_id GHSA-j696-6m57-mcrv
reference_type
scores
url https://github.com/advisories/GHSA-j696-6m57-mcrv
fixed_packages
0
url pkg:composer/silverstripe/cms@3.6.1
purl pkg:composer/silverstripe/cms@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-ytbc-8mhd-b3fc
3
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas
3
url VCID-c6bz-jwhm-vkgp
vulnerability_id VCID-c6bz-jwhm-vkgp
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5021
published_at 2026-06-06T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.50194
published_at 2026-06-07T12:55:00Z
2
value 0.00265
scoring_system epss
scoring_elements 0.5014
published_at 2026-06-04T12:55:00Z
3
value 0.00265
scoring_system epss
scoring_elements 0.50201
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/cms@3.4.4
purl pkg:composer/silverstripe/cms@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-b95v-49p7-fkas
3
vulnerability VCID-umhc-fdfh-1fdx
4
vulnerability VCID-ytbc-8mhd-b3fc
5
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.4.4
1
url pkg:composer/silverstripe/cms@3.5.2
purl pkg:composer/silverstripe/cms@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-b95v-49p7-fkas
3
vulnerability VCID-umhc-fdfh-1fdx
4
vulnerability VCID-ytbc-8mhd-b3fc
5
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp
4
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57206
published_at 2026-06-05T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57202
published_at 2026-06-07T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.57214
published_at 2026-06-06T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
5
url VCID-ytbc-8mhd-b3fc
vulnerability_id VCID-ytbc-8mhd-b3fc
summary 
Information Exposure
In SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
reference_id
reference_type
scores
0
value 0.00703
scoring_system epss
scoring_elements 0.72477
published_at 2026-06-07T12:55:00Z
1
value 0.00703
scoring_system epss
scoring_elements 0.72497
published_at 2026-06-06T12:55:00Z
2
value 0.00703
scoring_system epss
scoring_elements 0.7249
published_at 2026-06-05T12:55:00Z
3
value 0.00703
scoring_system epss
scoring_elements 0.72448
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
reference_id CVE-2020-6164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
reference_id CVE-2020-6164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
7
reference_url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
reference_id GHSA-gm5x-hpmw-xpxg
reference_type
scores
url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uy47-3s8a-hbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc
6
url VCID-z94y-nz4f-y7er
vulnerability_id VCID-z94y-nz4f-y7er
summary 
Improper Privilege Management
In SilverStripe, a missing warning about leaving `install.php` in a public webroot can lead to unauthenticated admin access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74973
published_at 2026-06-06T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.74965
published_at 2026-06-07T12:55:00Z
2
value 0.00832
scoring_system epss
scoring_elements 0.74941
published_at 2026-06-04T12:55:00Z
3
value 0.00832
scoring_system epss
scoring_elements 0.74969
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
3
reference_url https://packagist.org/packages/silverstripe/cms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/cms
4
reference_url https://packagist.org/packages/silverstripe/framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/framework
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12204
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
reference_id CVE-2019-12204
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
reference_id CVE-2019-12204
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
10
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
reference_id CVE-2019-12204
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
11
reference_url https://github.com/advisories/GHSA-cg8j-8w52-735v
reference_id GHSA-cg8j-8w52-735v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg8j-8w52-735v
fixed_packages
0
url pkg:composer/silverstripe/cms@4.3.6
purl pkg:composer/silverstripe/cms@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.3.6
1
url pkg:composer/silverstripe/cms@4.4.0-rc1
purl pkg:composer/silverstripe/cms@4.4.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-uy47-3s8a-hbdn
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.0-rc1
2
url pkg:composer/silverstripe/cms@4.4.4
purl pkg:composer/silverstripe/cms@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s8q-qgpm-cqh7
1
vulnerability VCID-umhc-fdfh-1fdx
2
vulnerability VCID-uy47-3s8a-hbdn
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.4
aliases CVE-2019-12204, GHSA-cg8j-8w52-735v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z94y-nz4f-y7er
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.18-rc2