{"url":"http://public2.vulnerablecode.io/api/packages/57782?format=json","purl":"pkg:composer/silverstripe/framework@4.1.0","type":"composer","namespace":"silverstripe","name":"framework","version":"4.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.5","latest_non_vulnerable_version":"5.1.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=json","vulnerability_id":"VCID-1mmc-91gk-r3d3","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57788?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57789?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57790?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51850?format=json","vulnerability_id":"VCID-z94y-nz4f-y7er","summary":"Improper Privilege Management\nIn SilverStripe, a missing warning about leaving `install.php` in a public webroot can lead to unauthenticated admin access.","references":[{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://packagist.org/packages/silverstripe/cms","reference_id":"","reference_type":"","scores":[],"url":"https://packagist.org/packages/silverstripe/cms"},{"reference_url":"https://packagist.org/packages/silverstripe/framework","reference_id":"","reference_type":"","scores":[],"url":"https://packagist.org/packages/silverstripe/framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12204","reference_id":"CVE-2019-12204","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12204"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12204","reference_id":"CVE-2019-12204","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12204"},{"reference_url":"https://github.com/advisories/GHSA-cg8j-8w52-735v","reference_id":"GHSA-cg8j-8w52-735v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cg8j-8w52-735v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12204","GHSA-cg8j-8w52-735v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z94y-nz4f-y7er"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0"}