{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","type":"composer","namespace":"silverstripe","name":"framework","version":"4.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.4","latest_non_vulnerable_version":"5.3.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=json","vulnerability_id":"VCID-1mmc-91gk-r3d3","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55549","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57787?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57788?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57789?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57790?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51851?format=json","vulnerability_id":"VCID-b6nm-cphj-wfgw","summary":"Improper Privilege Management\nIn SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53948","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51839?format=json","vulnerability_id":"VCID-cmwn-cjff-9qau","summary":"Session Fixation\nSilverStripe allows session fixation in the \"change password\" form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17108","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51842?format=json","vulnerability_id":"VCID-nute-ndg2-z7ev","summary":"Cross-site Scripting\nSilverStripe has Flash Clipboard Reflected XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52000?format=json","vulnerability_id":"VCID-nzcm-xbxx-wyf9","summary":"SilverStripe Versioned Files module Unpublished files are exposed publicly\nIn the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16409","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53437","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16409"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/symbiote/silverstripe-versionedfiles","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symbiote/silverstripe-versionedfiles"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16409","reference_id":"CVE-2019-16409","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16409"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409","reference_id":"CVE-2019-16409","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409/","reference_id":"CVE-2019-16409","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409/"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml","reference_id":"CVE-2019-16409.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xm6j-x342-gwq9","reference_id":"GHSA-xm6j-x342-gwq9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xm6j-x342-gwq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-16409","GHSA-xm6j-x342-gwq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcm-xbxx-wyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41074?format=json","vulnerability_id":"VCID-r1eg-dwej-5kau","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52516?format=json","vulnerability_id":"VCID-ru3j-21j8-ayhm","summary":"Unrestricted Upload of File with Dangerous Type\nIn SilverStripe, files uploaded via Forms to folders migrated from Silverstripe may be put to the default `/Uploads` folder instead.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9280","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9280"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9280","reference_id":"CVE-2020-9280","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9280"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9280","reference_id":"CVE-2020-9280","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9280"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152803?format=json","purl":"pkg:composer/silverstripe/framework@4.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/77115?format=json","purl":"pkg:composer/silverstripe/framework@4.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1"}],"aliases":["CVE-2020-9280","GHSA-592m-4533-rxq9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ru3j-21j8-ayhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52274?format=json","vulnerability_id":"VCID-xg74-3h1h-kqaf","summary":"Uncontrolled Resource Consumption\nSilverStripe allows a Denial of Service on flush and development URL tools.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35994","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76173?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51847?format=json","vulnerability_id":"VCID-y8et-m846-2fc6","summary":"Information Exposure\nSilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49005","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/144279?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52802?format=json","vulnerability_id":"VCID-ytbc-8mhd-b3fc","summary":"Information Exposure\nIn SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6164","reference_id":"","reference_type":"","scores":[{"value":"0.00703","scoring_system":"epss","scoring_elements":"0.72448","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6164"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6164","reference_id":"CVE-2020-6164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6164"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-6164","reference_id":"CVE-2020-6164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-6164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77688?format=json","purl":"pkg:composer/silverstripe/framework@4.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/249187?format=json","purl":"pkg:composer/silverstripe/framework@4.5.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/77689?format=json","purl":"pkg:composer/silverstripe/framework@4.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4"}],"aliases":["CVE-2020-6164","GHSA-gm5x-hpmw-xpxg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55022?format=json","vulnerability_id":"VCID-37d1-tt74-yyfm","summary":"silverstripe/framework users inadvertently passing sensitive data to LoginAttempt\nAll user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field.\n\nIn order to address this a one-way hash is applied to the Email field before being stored.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-009"},{"reference_url":"https://github.com/advisories/GHSA-ph62-fv59-vf9h","reference_id":"GHSA-ph62-fv59-vf9h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ph62-fv59-vf9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-ph62-fv59-vf9h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37d1-tt74-yyfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51855?format=json","vulnerability_id":"VCID-7hxq-cp29-r7dh","summary":"Cross-site Scripting\nIn SilverStripe asset-admin, there is XSS in file titles managed through the CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57535","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55040?format=json","vulnerability_id":"VCID-a1p9-cwzb-kbgb","summary":"silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms\nWhen accessing the `install.php` script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the `value` property of the password fields.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-010-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/7a79cd039a96ef54182263d5fbb72addf093b171"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-010","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-010"},{"reference_url":"https://github.com/advisories/GHSA-r3pr-fh25-wrfc","reference_id":"GHSA-r3pr-fh25-wrfc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3pr-fh25-wrfc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-r3pr-fh25-wrfc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1p9-cwzb-kbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55043?format=json","vulnerability_id":"VCID-aygc-4nhm-n7eq","summary":"silverstripe/framework SQL injection in full text search\nWhen performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.\n\nThe issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-008","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-008"},{"reference_url":"https://github.com/advisories/GHSA-xx4r-5265-48j6","reference_id":"GHSA-xx4r-5265-48j6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xx4r-5265-48j6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-xx4r-5265-48j6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aygc-4nhm-n7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55028?format=json","vulnerability_id":"VCID-fm87-te3v-pkc8","summary":"silverstripe/framework CSV Excel Macro Injection\nIn the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed.\n\nIn order to safeguard against this threat all potentially executable cell values exported from CSV will be prepended with a literal tab character.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://github.com/advisories/GHSA-mqjc-x563-c9q8","reference_id":"GHSA-mqjc-x563-c9q8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mqjc-x563-c9q8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-mqjc-x563-c9q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm87-te3v-pkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51853?format=json","vulnerability_id":"VCID-mkex-ht2r-cucz","summary":"Files or Directories Accessible to External Parties\nIn SilverStripe, there is broken access control on files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56702","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39336?format=json","vulnerability_id":"VCID-qdwg-f2bx-1bay","summary":"Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43711","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"CVE-2017-18049","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215636?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/215639?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}