{"url":"http://public2.vulnerablecode.io/api/packages/52346?format=json","purl":"pkg:composer/silverstripe/forum@0.7.4","type":"composer","namespace":"silverstripe","name":"forum","version":"0.7.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.8.0","latest_non_vulnerable_version":"0.8.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37894?format=json","vulnerability_id":"VCID-1c4s-aasg-fbdb","summary":"CSRF Vulnerability\nA number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.","references":[{"reference_url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-017/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-017/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52345?format=json","purl":"pkg:composer/silverstripe/forum@0.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/52346?format=json","purl":"pkg:composer/silverstripe/forum@0.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52347?format=json","purl":"pkg:composer/silverstripe/forum@0.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.8.0"}],"aliases":["SS-2015-017"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c4s-aasg-fbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37914?format=json","vulnerability_id":"VCID-qnhh-xma1-5bhm","summary":"Cross-Site Request Forgery (CSRF)\nForum Module CSRF Vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-017/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-017/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52345?format=json","purl":"pkg:composer/silverstripe/forum@0.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/52346?format=json","purl":"pkg:composer/silverstripe/forum@0.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4"}],"aliases":["SS-2015-017-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhh-xma1-5bhm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4"}