{"url":"http://public2.vulnerablecode.io/api/packages/52215?format=json","purl":"pkg:composer/silverstripe/framework@3.0.0","type":"composer","namespace":"silverstripe","name":"framework","version":"3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.14","latest_non_vulnerable_version":"5.1.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=json","vulnerability_id":"VCID-1mmc-91gk-r3d3","summary":"SilverStripe allows Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57785?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57786?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57787?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57788?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages
/57789?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57790?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37828?format=json","vulnerability_id":"VCID-3snr-vtda-jqdj","summary":"Cross-site Scripting\nXSS In rewritten hash links.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52217?format=json","purl":"pkg:composer/silverstripe/framework@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"},{"vulnerability":"VCID-uyxp-7fh1-77cg"},{"vulnerability":"VCID-wmfv-vtnz-bkad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2015-009-1"],"risk_score":null,"exploitability":null,"weighted_se
verity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37856?format=json","vulnerability_id":"VCID-78b6-1v3w-qfc3","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37827?format=json","vulnerability_id":"VCID-8xwp-xd3k-fqaz","summary":"IE requests issue\nIE requests not properly behaving with 
`rewritehashlinks`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52217?format=json","purl":"pkg:composer/silverstripe/framework@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"},{"vulnerability":"VCID-uyxp-7fh1-77cg"},{"vulnerability":"VCID-wmfv-vtnz-bkad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51943?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78b6-1v3w-qfc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["SS-2014-015-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37939?format=json","vulnerability_id":"VCID-nu3h-nb1g-67bs","summary":"Improper Input Validation\n`HtmlEditor` improper URL 
sanitisation.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52397?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"}],"aliases":["SS-2015-027-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3h-nb1g-67bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41544?format=json","vulnerability_id":"VCID-sg62-98yy-2kd7","summary":"Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-release
s/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53317?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37857?format=json","vulnerability_id":"VCID-uyxp-7fh1-77cg","summary":"Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` 
validation.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-014-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37855?format=json","vulnerability_id":"VCID-wmfv-vtnz-bkad","summary":"Potential SQL Injection Vulnerability in 
silverstripe.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-011-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37938?format=json","vulnerability_id":"VCID-yfuu-th6b-nba4","summary":"Cross-site Scripting\nForm field validation message XSS 
vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52397?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"}],"aliases":["SS-2015-026-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfuu-th6b-nba4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.0"}