{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","type":"composer","namespace":"silverstripe","name":"framework","version":"3.1.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.14","latest_non_vulnerable_version":"5.1.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37856?format=json","vulnerability_id":"VCID-78b6-1v3w-qfc3","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37828?format=json","vulnerability_id":"VCID-3snr-vtda-jqdj","summary":"Cross-site Scripting\nXSS In rewritten hash links.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52217?format=json","purl":"pkg:composer/silverstripe/framework@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"},{"vulnerability":"VCID-uyxp-7fh1-77cg"},{"vulnerability":"VCID-wmfv-vtnz-bkad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2015-009-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37827?format=json","vulnerability_id":"VCID-8xwp-xd3k-fqaz","summary":"IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52217?format=json","purl":"pkg:composer/silverstripe/framework@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"},{"vulnerability":"VCID-uyxp-7fh1-77cg"},{"vulnerability":"VCID-wmfv-vtnz-bkad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2014-015-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37826?format=json","vulnerability_id":"VCID-kgf1-m5hq-1yay","summary":"Cross-site Scripting\nXSS in `Director::force_redirect()`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2015-010-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf1-m5hq-1yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37735?format=json","vulnerability_id":"VCID-u6za-xw77-8kgx","summary":"Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2014-017-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6za-xw77-8kgx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}