{"url":"http://public2.vulnerablecode.io/api/packages/52685?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-alpha","type":"composer","namespace":"silverstripe","name":"framework","version":"3.2.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.7.5","latest_non_vulnerable_version":"5.3.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38104?format=json","vulnerability_id":"VCID-1uhv-fetz-j7fd","summary":"XSS in CMSController BackURL\nAn XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-001","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52690?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulner
ability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52689?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverst
ripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"}
,{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38103?format=json","vulnerability_id":"VCID-evh4-xq48-4fa6","summary":"Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. 
Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-005","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52690?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}
],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52689?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-
vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public
2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38105?format=json","vulnerability_id":"VCID-ggbg-8mtc-hudc","summary":"XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-004","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52690?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-
hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52689?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":
"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerabilit
y":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38106?format=json","vulnerability_id":"VCID-m5rs-qptc-vued","summary":"Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" 
vulnerability.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989"},{"reference_url":"http://stackoverflow.com/a/15350123","reference_id":"","reference_type":"","scores":[],"url":"http://stackoverflow.com/a/15350123"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52690?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vul
nerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52689?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"}
,{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bb
n"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38107?format=json","vulnerability_id":"VCID-q939-fszs-wfdp","summary":"CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-029","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52690?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"
},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52689?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabil
ities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-ewg1-j
qza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2015-029"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-alpha"}