{"url":"http://public2.vulnerablecode.io/api/packages/51941?format=json","purl":"pkg:composer/silverstripe/framework@3.1.0","type":"composer","namespace":"silverstripe","name":"framework","version":"3.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.10","latest_non_vulnerable_version":"5.1.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37828?format=json","vulnerability_id":"VCID-3snr-vtda-jqdj","summary":"Cross-site Scripting\nXSS In rewritten hash links.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2015-009-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37856?format=json","vulnerability_id":"VCID-78b6-1v3w-qfc3","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37806?format=json","vulnerability_id":"VCID-8jxx-tgck-fuf1","summary":"Cross-site Scripting\nXSS In GridField print.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52151?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["SS-2015-006-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jxx-tgck-fuf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37802?format=json","vulnerability_id":"VCID-8wmb-64qq-7uh2","summary":"Cross-site Scripting\nXSS In FormAction.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52151?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["SS-2015-007-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wmb-64qq-7uh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37827?format=json","vulnerability_id":"VCID-8xwp-xd3k-fqaz","summary":"IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2014-015-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38031?format=json","vulnerability_id":"VCID-hnhv-qx7p-wqcw","summary":"Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in `GridFieldAddExistingAutocompleter`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-002/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52530?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/52531?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["SS-2016-002-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhv-qx7p-wqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37826?format=json","vulnerability_id":"VCID-kgf1-m5hq-1yay","summary":"Cross-site Scripting\nXSS in `Director::force_redirect()`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2015-010-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf1-m5hq-1yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37859?format=json","vulnerability_id":"VCID-puvt-j32v-77eh","summary":"Improper Neutralization of HTTP Headers for Scripting Syntax\n`X-Forwarded-Host` request hostname injection.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-013-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-puvt-j32v-77eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37804?format=json","vulnerability_id":"VCID-rmsa-pfr6-zkg3","summary":"Cross-site Scripting\nTreeDropdownField and TreeMultiSelectField XSS.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52151?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["SS-2015-004-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmsa-pfr6-zkg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38030?format=json","vulnerability_id":"VCID-rrmd-ud59-ffbp","summary":"Improper Authentication\n'Missing security check on `dev/build/defaults`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-028/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-028/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52530?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/52531?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["SS-2015-028-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrmd-ud59-ffbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37915?format=json","vulnerability_id":"VCID-twrb-6j51-aqcy","summary":"Cross-site Scripting\nXSS in `dev/build` `returnURL` Parameter.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52371?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["SS-2015-015-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twrb-6j51-aqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37735?format=json","vulnerability_id":"VCID-u6za-xw77-8kgx","summary":"Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2014-017-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6za-xw77-8kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37857?format=json","vulnerability_id":"VCID-uyxp-7fh1-77cg","summary":"Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-014-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38032?format=json","vulnerability_id":"VCID-vatm-1vbd-bfam","summary":"SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-003/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52530?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/52531?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["SS-2016-003-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vatm-1vbd-bfam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37855?format=json","vulnerability_id":"VCID-wmfv-vtnz-bkad","summary":"Potential SQL Injection Vulnerability in silverstripe.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-011-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37913?format=json","vulnerability_id":"VCID-zckr-zxq4-jyev","summary":"Cross-site Scripting\nXSS in `install.php`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52371?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["SS-2015-016-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zckr-zxq4-jyev"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0"}