{"url":"http://public2.vulnerablecode.io/api/packages/81458?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0-beta1","type":"composer","namespace":"silverstripe","name":"framework","version":"3.3.0-beta1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.3","latest_non_vulnerable_version":"5.2.16","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340849?format=json","vulnerability_id":"VCID-1yc7-8qd2-zfhm","summary":"Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-003"},{"reference_url":"https://github.com/advisories/GHSA-87pf-7x99-5xc4","reference_id":"GHSA-87pf-7x99-5xc4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87pf-7x99-5xc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51467?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3wv-6zpv-zbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-87pf-7x99-5xc4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yc7-8qd2-zfhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340848?format=json","vulnerability_id":"VCID-9qx2-tr6c-sbby","summary":"Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-002","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-002"},{"reference_url":"https://github.com/advisories/GHSA-2hpc-mf4q-j885","reference_id":"GHSA-2hpc-mf4q-j885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hpc-mf4q-j885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51467?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3wv-6zpv-zbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-2hpc-mf4q-j885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qx2-tr6c-sbby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340847?format=json","vulnerability_id":"VCID-rat4-3wbz-33fu","summary":"Silverstripe Missing security check on dev/build/defaults","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-028","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-028"},{"reference_url":"https://github.com/advisories/GHSA-x5w2-wcr8-9q45","reference_id":"GHSA-x5w2-wcr8-9q45","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5w2-wcr8-9q45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51467?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3wv-6zpv-zbfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-x5w2-wcr8-9q45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rat4-3wbz-33fu"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-beta1"}