Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.1.17

Type composer

Namespace silverstripe

Name framework

Version 3.1.17

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.1.19-rc1

Latest_non_vulnerable_version 5.1.11

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-hnhv-qx7p-wqcw

vulnerability_id VCID-hnhv-qx7p-wqcw

summary

Cross-Site Request Forgery (CSRF)
CSRF vulnerability in `GridFieldAddExistingAutocompleter`.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2016-002/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2016-002/

fixed_packages

url	pkg:composer/silverstripe/framework@3.1.17
purl	pkg:composer/silverstripe/framework@3.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2016-002-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhv-qx7p-wqcw

url VCID-rrmd-ud59-ffbp

vulnerability_id VCID-rrmd-ud59-ffbp

summary

Improper Authentication
'Missing security check on `dev/build/defaults`.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-028/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-028/

fixed_packages

url	pkg:composer/silverstripe/framework@3.1.17
purl	pkg:composer/silverstripe/framework@3.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2015-028-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrmd-ud59-ffbp

url VCID-vatm-1vbd-bfam

vulnerability_id VCID-vatm-1vbd-bfam

summary SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2016-003/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2016-003/

fixed_packages

url	pkg:composer/silverstripe/framework@3.1.17
purl	pkg:composer/silverstripe/framework@3.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17

url	pkg:composer/silverstripe/framework@3.3.0
purl	pkg:composer/silverstripe/framework@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

aliases SS-2016-003-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vatm-1vbd-bfam

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17

Package Instance