Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/silverstripe-omnipay@3.1.4
Typecomposer
Namespacesilverstripe
Namesilverstripe-omnipay
Version3.1.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.1
Latest_non_vulnerable_version3.2.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-kw79-va4z-wbb3
vulnerability_id VCID-kw79-va4z-wbb3
summary silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29254
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43816
published_at 2026-06-12T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.4366
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29254
1
reference_url https://github.com/silverstripe/silverstripe-omnipay
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-omnipay
2
reference_url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/2.5.2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/2.5.2
3
reference_url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.0.2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.0.2
4
reference_url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.1.4
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.1.4
5
reference_url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.2.1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.2.1
6
reference_url https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b
reference_id 7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:02Z/
url https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29254
reference_id CVE-2022-29254
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29254
8
reference_url https://github.com/advisories/GHSA-48f2-m7jg-866x
reference_id GHSA-48f2-m7jg-866x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-48f2-m7jg-866x
9
reference_url https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x
reference_id GHSA-48f2-m7jg-866x
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:02Z/
url https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x
fixed_packages
0
url pkg:composer/silverstripe/silverstripe-omnipay@2.5.2
purl pkg:composer/silverstripe/silverstripe-omnipay@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/silverstripe-omnipay@2.5.2
1
url pkg:composer/silverstripe/silverstripe-omnipay@3.0.2
purl pkg:composer/silverstripe/silverstripe-omnipay@3.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/silverstripe-omnipay@3.0.2
2
url pkg:composer/silverstripe/silverstripe-omnipay@3.1.4
purl pkg:composer/silverstripe/silverstripe-omnipay@3.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/silverstripe-omnipay@3.1.4
3
url pkg:composer/silverstripe/silverstripe-omnipay@3.2.1
purl pkg:composer/silverstripe/silverstripe-omnipay@3.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/silverstripe-omnipay@3.2.1
aliases CVE-2022-29254, GHSA-48f2-m7jg-866x
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kw79-va4z-wbb3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/silverstripe-omnipay@3.1.4