Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/forum@0.6.1
Typecomposer
Namespacesilverstripe
Nameforum
Version0.6.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.6.2
Latest_non_vulnerable_version0.8.0
Affected_by_vulnerabilities
0
url VCID-1c4s-aasg-fbdb
vulnerability_id VCID-1c4s-aasg-fbdb
summary 
CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.
references
0
reference_url http://www.silverstripe.org/software/download/security-releases/ss-2015-017/
reference_id
reference_type
scores
url http://www.silverstripe.org/software/download/security-releases/ss-2015-017/
fixed_packages
0
url pkg:composer/silverstripe/forum@0.6.2
purl pkg:composer/silverstripe/forum@0.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.2
1
url pkg:composer/silverstripe/forum@0.7.4
purl pkg:composer/silverstripe/forum@0.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4
2
url pkg:composer/silverstripe/forum@0.8.0
purl pkg:composer/silverstripe/forum@0.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.8.0
aliases SS-2015-017
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c4s-aasg-fbdb
1
url VCID-6e2a-suju-quft
vulnerability_id VCID-6e2a-suju-quft
summary 
Silverstripe Forum Module CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures.

Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.

Thanks to Michael Strong for discovering.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/forum/SS-2015-017-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/forum/SS-2015-017-1.yaml
1
reference_url https://github.com/silverstripe-archive/silverstripe-forum
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe-archive/silverstripe-forum
2
reference_url https://github.com/silverstripe-archive/silverstripe-forum/commit/0ec7c92785f36c8edf4a11c36a4fc27e0c40cee6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe-archive/silverstripe-forum/commit/0ec7c92785f36c8edf4a11c36a4fc27e0c40cee6
3
reference_url https://github.com/silverstripe-archive/silverstripe-forum/commit/efe09f95ccdb0138ce5bd3d3a21b3d9e97038dd8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe-archive/silverstripe-forum/commit/efe09f95ccdb0138ce5bd3d3a21b3d9e97038dd8
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-017
5
reference_url https://github.com/advisories/GHSA-w8fq-xgvh-cxc2
reference_id GHSA-w8fq-xgvh-cxc2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8fq-xgvh-cxc2
fixed_packages
0
url pkg:composer/silverstripe/forum@0.6.2
purl pkg:composer/silverstripe/forum@0.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.2
1
url pkg:composer/silverstripe/forum@0.7.4
purl pkg:composer/silverstripe/forum@0.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4
aliases GHSA-w8fq-xgvh-cxc2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e2a-suju-quft
2
url VCID-qnhh-xma1-5bhm
vulnerability_id VCID-qnhh-xma1-5bhm
summary 
Cross-Site Request Forgery (CSRF)
Forum Module CSRF Vulnerability.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-017/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-017/
fixed_packages
0
url pkg:composer/silverstripe/forum@0.6.2
purl pkg:composer/silverstripe/forum@0.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.2
1
url pkg:composer/silverstripe/forum@0.7.4
purl pkg:composer/silverstripe/forum@0.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.7.4
aliases SS-2015-017-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhh-xma1-5bhm
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/forum@0.6.1