Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.6.2

Type composer

Namespace silverstripe

Name framework

Version 3.6.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.7.5

Latest_non_vulnerable_version 5.3.23

Affected_by_vulnerabilities

url VCID-1mmc-91gk-r3d3

vulnerability_id VCID-1mmc-91gk-r3d3

summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55549
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2018-021

fixed_packages

url pkg:composer/silverstripe/framework@3.6.7

purl pkg:composer/silverstripe/framework@3.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7

url pkg:composer/silverstripe/framework@3.7.3

purl pkg:composer/silverstripe/framework@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3

url pkg:composer/silverstripe/framework@4.0.7

purl pkg:composer/silverstripe/framework@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7

url pkg:composer/silverstripe/framework@4.1.5

purl pkg:composer/silverstripe/framework@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

vulnerability	VCID-z94y-nz4f-y7er

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5

url pkg:composer/silverstripe/framework@4.2.4

purl pkg:composer/silverstripe/framework@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

vulnerability	VCID-z94y-nz4f-y7er

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4

url pkg:composer/silverstripe/framework@4.3.1

purl pkg:composer/silverstripe/framework@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

vulnerability	VCID-z94y-nz4f-y7er

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1

aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3

url VCID-7hxq-cp29-r7dh

vulnerability_id VCID-7hxq-cp29-r7dh

summary

Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14272

reference_id

reference_type

scores

value	0.00347
scoring_system	epss
scoring_elements	0.57535
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14272

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14272

reference_id

CVE-2019-14272

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14272

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-14272

reference_id

CVE-2019-14272

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-14272

fixed_packages

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh

url VCID-b6nm-cphj-wfgw

vulnerability_id VCID-b6nm-cphj-wfgw

summary

Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53948
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw

url VCID-cmwn-cjff-9qau

vulnerability_id VCID-cmwn-cjff-9qau

summary

Session Fixation
SilverStripe allows session fixation in the "change password" form.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17108
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

fixed_packages

url pkg:composer/silverstripe/framework@3.6.8

purl pkg:composer/silverstripe/framework@3.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8

url pkg:composer/silverstripe/framework@3.7.4

purl pkg:composer/silverstripe/framework@3.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau

url VCID-mkex-ht2r-cucz

vulnerability_id VCID-mkex-ht2r-cucz

summary

Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14273

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56702
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14273

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14273

reference_id

CVE-2019-14273

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14273

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-14273

reference_id

CVE-2019-14273

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-14273

fixed_packages

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz

url VCID-nute-ndg2-z7ev

vulnerability_id VCID-nute-ndg2-z7ev

summary

Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59631
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev

url VCID-qdwg-f2bx-1bay

vulnerability_id VCID-qdwg-f2bx-1bay

summary

Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18049

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43711
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18049

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.exploit-db.com/exploits/43396

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/43396

reference_url	https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/43396/

reference_url

https://www.silverstripe.org/download/security-releases/ss-2017-007

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2017-007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18049

reference_id

CVE-2017-18049

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18049

fixed_packages

url pkg:composer/silverstripe/framework@3.6.3-rc2

purl pkg:composer/silverstripe/framework@3.6.3-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2

url pkg:composer/silverstripe/framework@3.6.3

purl pkg:composer/silverstripe/framework@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay

url VCID-r1eg-dwej-5kau

vulnerability_id VCID-r1eg-dwej-5kau

summary

Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.41982
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_url	https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url	https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_url	https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url	https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

aliases CVE-2019-12437, GHSA-fx37-56v6-85q6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau

url VCID-umhc-fdfh-1fdx

vulnerability_id VCID-umhc-fdfh-1fdx

summary

Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.57155
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_url

https://github.com/silverstripe/silverstripe-cms

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-cms

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_id

CVE-2020-9311

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

reference_id

CVE-2020-9311

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

fixed_packages

url	pkg:composer/silverstripe/framework@3.7.5
purl	pkg:composer/silverstripe/framework@3.7.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5

aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx

url VCID-xg74-3h1h-kqaf

vulnerability_id VCID-xg74-3h1h-kqaf

summary

Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.35994
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.4.0

purl pkg:composer/silverstripe/framework@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0

aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf

url VCID-y8et-m846-2fc6

vulnerability_id VCID-y8et-m846-2fc6

summary

Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.49005
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id	CVE-2019-12245
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_id

CVE-2019-12245.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_url	https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id	GHSA-jvx5-rm6q-gx7p
reference_type
scores
url	https://github.com/advisories/GHSA-jvx5-rm6q-gx7p

fixed_packages

url pkg:composer/silverstripe/framework@3.6.8

purl pkg:composer/silverstripe/framework@3.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8

url pkg:composer/silverstripe/framework@3.7.4

purl pkg:composer/silverstripe/framework@3.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.6
purl	pkg:composer/silverstripe/framework@4.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6

Fixing_vulnerabilities

url VCID-h1y5-n4b7-ckg6

vulnerability_id VCID-h1y5-n4b7-ckg6

summary

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0

reference_url

https://www.silverstripe.org/download/security-releases/ss-2017-005

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2017-005

reference_url	https://github.com/advisories/GHSA-7m2v-x7rg-5hm5
reference_id	GHSA-7m2v-x7rg-5hm5
reference_type
scores
url	https://github.com/advisories/GHSA-7m2v-x7rg-5hm5

fixed_packages

url pkg:composer/silverstripe/framework@3.5.5

purl pkg:composer/silverstripe/framework@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5

url pkg:composer/silverstripe/framework@3.6.2

purl pkg:composer/silverstripe/framework@3.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-7hxq-cp29-r7dh

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-mkex-ht2r-cucz

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-qdwg-f2bx-1bay

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-umhc-fdfh-1fdx

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2

aliases GHSA-7m2v-x7rg-5hm5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1y5-n4b7-ckg6

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2

Package Instance