{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","type":"composer","namespace":"silverstripe","name":"framework","version":"3.1.13","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.14","latest_non_vulnerable_version":"5.1.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43893?format=json","vulnerability_id":"VCID-sfyd-qn7r-eqdg","summary":"Silverstripe CMS Open Redirect\nOpen redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt","reference_id":"","reference_type":"","scores":[],"url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"},{"reference_url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"},{"reference_url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419"},{"reference_url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062","reference_id":"CVE-2015-5062","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062"},{"reference_url":"https://github.com/advisories/GHSA-fh35-p8ph-p545","reference_id":"GHSA-fh35-p8ph-p545","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fh35-p8ph-p545"}],"fixed_packages":[],"aliases":["CVE-2015-5062","GHSA-fh35-p8ph-p545"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyd-qn7r-eqdg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37856?format=json","vulnerability_id":"VCID-78b6-1v3w-qfc3","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37859?format=json","vulnerability_id":"VCID-puvt-j32v-77eh","summary":"Improper Neutralization of HTTP Headers for Scripting Syntax\n`X-Forwarded-Host` request hostname injection.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-013-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-puvt-j32v-77eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37857?format=json","vulnerability_id":"VCID-uyxp-7fh1-77cg","summary":"Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-014-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37855?format=json","vulnerability_id":"VCID-wmfv-vtnz-bkad","summary":"Potential SQL Injection Vulnerability in silverstripe.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52279?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/52280?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sfyd-qn7r-eqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-011-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}