{"url":"http://public2.vulnerablecode.io/api/packages/51810?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-alpha0","type":"composer","namespace":"silverstripe","name":"framework","version":"3.2.0-alpha0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.10-stable","latest_non_vulnerable_version":"5.2.16","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11065?format=json","vulnerability_id":"VCID-7uum-b28k-nqbm","summary":"XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51946?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51947?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51948?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-016"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uum-b28k-nqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11000?format=json","vulnerability_id":"VCID-7wzc-kyxs-wbc2","summary":"ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51817?format=json","purl":"pkg:composer/silverstripe/framework@3.4.10-stable","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-011"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wzc-kyxs-wbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10997?format=json","vulnerability_id":"VCID-a95a-ygek-hfby","summary":"Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-012"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a95a-ygek-hfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11001?format=json","vulnerability_id":"VCID-bexp-ws1g-1fdu","summary":"Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-008"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bexp-ws1g-1fdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11004?format=json","vulnerability_id":"VCID-d9he-ahd2-xkde","summary":"Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9he-ahd2-xkde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10999?format=json","vulnerability_id":"VCID-u7hh-49t3-13df","summary":"Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-014"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7hh-49t3-13df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11066?format=json","vulnerability_id":"VCID-upvz-qc95-nua2","summary":"ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51946?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51947?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51948?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-010"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upvz-qc95-nua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11003?format=json","vulnerability_id":"VCID-uww2-1x5r-ufc6","summary":"XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-015"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uww2-1x5r-ufc6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-alpha0"}