{"url":"http://public2.vulnerablecode.io/api/packages/52686?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0-alpha","type":"composer","namespace":"silverstripe","name":"framework","version":"3.3.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.3.23","latest_non_vulnerable_version":"6.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38104?format=json","vulnerability_id":"VCID-1uhv-fetz-j7fd","summary":"XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-001","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9ugf-duna-xfgy"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-excr-b2pz-jydm"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-v9ch-up34-nuab"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38103?format=json","vulnerability_id":"VCID-evh4-xq48-4fa6","summary":"Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-005","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9ugf-duna-xfgy"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-excr-b2pz-jydm"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-v9ch-up34-nuab"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38105?format=json","vulnerability_id":"VCID-ggbg-8mtc-hudc","summary":"XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-004","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9ugf-duna-xfgy"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-excr-b2pz-jydm"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-v9ch-up34-nuab"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38106?format=json","vulnerability_id":"VCID-m5rs-qptc-vued","summary":"Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989"},{"reference_url":"http://stackoverflow.com/a/15350123","reference_id":"","reference_type":"","scores":[],"url":"http://stackoverflow.com/a/15350123"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9ugf-duna-xfgy"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-excr-b2pz-jydm"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-v9ch-up34-nuab"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38107?format=json","vulnerability_id":"VCID-q939-fszs-wfdp","summary":"CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-029","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52692?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9ugf-duna-xfgy"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-excr-b2pz-jydm"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-v9ch-up34-nuab"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52691?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-36z3-nafq-6kez"},{"vulnerability":"VCID-3svb-wudn-aybz"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4h4a-xgrk-d7ec"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7ek4-6y31-1qcs"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-7jm4-cjg3-rkcz"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9hf4-djcv-67d7"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-at1s-qxsg-5yfs"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-c437-w2zy-y7c9"},{"vulnerability":"VCID-c6bz-jwhm-vkgp"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-czh2-w6fk-xqd6"},{"vulnerability":"VCID-ewg1-jqza-eyez"},{"vulnerability":"VCID-f4hv-79km-3ygt"},{"vulnerability":"VCID-gkkp-9fm7-jfaz"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hnme-cqff-c7dp"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n1mj-u4yk-jqhn"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qj5k-bcw3-5fgq"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-t81f-5b8z-hyht"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-vatg-guxu-2ud7"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y6gd-vy49-17b4"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-z28b-1yrx-1bbn"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2015-029"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-alpha"}