{"url":"http://public2.vulnerablecode.io/api/packages/81487?format=json","purl":"pkg:composer/silverstripe/framework@4.1.0-rc1","type":"composer","namespace":"silverstripe","name":"framework","version":"4.1.0-rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.3.5","latest_non_vulnerable_version":"5.2.16","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340877?format=json","vulnerability_id":"VCID-25r7-spjd-qufz","summary":"silverstripe/framework uploaded PHP script execution in assets","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-012-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-012-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/5b7eca2b6327556e2d5ad31bb00511b187e5992a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/5b7eca2b6327556e2d5ad31bb00511b187e5992a"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-012","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-012"},{"reference_url":"https://github.com/advisories/GHSA-f43j-8hq4-2xj9","reference_id":"GHSA-f43j-8hq4-2xj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43j-8hq4-2xj9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-f43j-8hq4-2xj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25r7-spjd-qufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340873?format=json","vulnerability_id":"VCID-2e1q-fc4b-mydq","summary":"silverstripe/framework Privilege Escalation Risk in Member Edit form","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-001"},{"reference_url":"https://github.com/advisories/GHSA-xpff-c35g-j3cr","reference_id":"GHSA-xpff-c35g-j3cr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpff-c35g-j3cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-xpff-c35g-j3cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e1q-fc4b-mydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340872?format=json","vulnerability_id":"VCID-2p3r-ff36-aqfm","summary":"silverstripe/framework's URL parameters `isDev` and `isTest` unguarded","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-005-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-005-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/d935140a9528a3a42323b51d84fb2bcd3da065a7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/d935140a9528a3a42323b51d84fb2bcd3da065a7"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-005"},{"reference_url":"https://github.com/advisories/GHSA-55qg-6c4m-mw6g","reference_id":"GHSA-55qg-6c4m-mw6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55qg-6c4m-mw6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-55qg-6c4m-mw6g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p3r-ff36-aqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137842?format=json","vulnerability_id":"VCID-4mg2-rjsn-qyfx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17126","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"CVE-2019-12203.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340882?format=json","vulnerability_id":"VCID-6zn9-kt2q-s3bq","summary":"silverstripe/framework has possible denial of service attack vector when flushing","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-019-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/0610f76da02ac53a1b51cdfe9eac34e943a66991"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8d7c2dafabad505d769f3774c44e0595fb1a4cd9"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/af000bea9b16ea553cae7f7f662f74ab8dc343df"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-019","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-019"},{"reference_url":"https://github.com/advisories/GHSA-cwgq-83w5-8jfq","reference_id":"GHSA-cwgq-83w5-8jfq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwgq-83w5-8jfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81495?format=json","purl":"pkg:composer/silverstripe/framework@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/81497?format=json","purl":"pkg:composer/silverstripe/framework@4.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2"}],"aliases":["GHSA-cwgq-83w5-8jfq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zn9-kt2q-s3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137865?format=json","vulnerability_id":"VCID-7kmy-8ht6-8fcw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4898","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74368?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340878?format=json","vulnerability_id":"VCID-8z35-2baj-cqdb","summary":"silverstripe/framework sends passwords back to browsers under some circumstances","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-013","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-013"},{"reference_url":"https://github.com/advisories/GHSA-vh7q-j8p5-2h4h","reference_id":"GHSA-vh7q-j8p5-2h4h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vh7q-j8p5-2h4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-vh7q-j8p5-2h4h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8z35-2baj-cqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137866?format=json","vulnerability_id":"VCID-9vwe-uejx-c3c5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36012","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74359?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340880?format=json","vulnerability_id":"VCID-9wms-djy3-x7fs","summary":"silverstripe/framework allows upload of dangerous file types","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-014-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-014-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/0408048653fafc52e02b4dbc6288e14e634ac613","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/0408048653fafc52e02b4dbc6288e14e634ac613"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-014","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-014"},{"reference_url":"https://github.com/advisories/GHSA-vcg6-8fxc-x5cq","reference_id":"GHSA-vcg6-8fxc-x5cq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcg6-8fxc-x5cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-vcg6-8fxc-x5cq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wms-djy3-x7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340875?format=json","vulnerability_id":"VCID-c3aa-8je2-quek","summary":"silverstripe/framework BackURL validation bypass with malformed URLs","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-008-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/9053014a7e2eba28d000881e0bb3cc1d6e6b2eea"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-008"},{"reference_url":"https://github.com/advisories/GHSA-m5q3-mvcr-gc5m","reference_id":"GHSA-m5q3-mvcr-gc5m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m5q3-mvcr-gc5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-m5q3-mvcr-gc5m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3aa-8je2-quek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340876?format=json","vulnerability_id":"VCID-fgmy-q8sf-n3dj","summary":"silverstripe/framework code execution vulnerability","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-006-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-006-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6f50728b185e62c0087a58b295a015cb13276911","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6f50728b185e62c0087a58b295a015cb13276911"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-006"},{"reference_url":"https://github.com/advisories/GHSA-vgxh-x8jv-hmff","reference_id":"GHSA-vgxh-x8jv-hmff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vgxh-x8jv-hmff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-vgxh-x8jv-hmff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgmy-q8sf-n3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140881?format=json","vulnerability_id":"VCID-jc9t-3hb5-z3g5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16409","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53411","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16409"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/symbiote/silverstripe-versionedfiles","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symbiote/silverstripe-versionedfiles"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16409","reference_id":"CVE-2019-16409","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16409"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409","reference_id":"CVE-2019-16409","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409/","reference_id":"CVE-2019-16409","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-16409/"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml","reference_id":"CVE-2019-16409.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xm6j-x342-gwq9","reference_id":"GHSA-xm6j-x342-gwq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xm6j-x342-gwq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-16409","GHSA-xm6j-x342-gwq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc9t-3hb5-z3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340881?format=json","vulnerability_id":"VCID-jxym-rkhj-yybr","summary":"silverstripe/framework may disclose database credentials during connection failure","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-018-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/214e28127f5425b61c15b69f884afdbad31133c2"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/54251952387394d72b221e797a80edfbf9a973ee"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/9aabe0a0f7a061d87cc92923f8811e14d7a032f5"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-018","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-018"},{"reference_url":"https://github.com/advisories/GHSA-m2hh-2m46-x6j5","reference_id":"GHSA-m2hh-2m46-x6j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2hh-2m46-x6j5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81495?format=json","purl":"pkg:composer/silverstripe/framework@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/81497?format=json","purl":"pkg:composer/silverstripe/framework@4.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.2"}],"aliases":["GHSA-m2hh-2m46-x6j5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxym-rkhj-yybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138126?format=json","vulnerability_id":"VCID-m2bw-tabk-qyd8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53918","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"CVE-2019-12617.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340883?format=json","vulnerability_id":"VCID-mfzd-r5pm-q7es","summary":"silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-020","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-020"},{"reference_url":"https://github.com/advisories/GHSA-265q-222x-52m6","reference_id":"GHSA-265q-222x-52m6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-265q-222x-52m6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81501?format=json","purl":"pkg:composer/silverstripe/framework@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/81502?format=json","purl":"pkg:composer/silverstripe/framework@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.3"}],"aliases":["GHSA-265q-222x-52m6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfzd-r5pm-q7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340879?format=json","vulnerability_id":"VCID-pmb3-k9w1-y7gm","summary":"silverstripe/framework vulnerable to member disclosure in login form","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-010-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-010-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/5887201dd578a5b9779c33a182153d2ce973ab41","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/5887201dd578a5b9779c33a182153d2ce973ab41"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-010","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-010"},{"reference_url":"https://github.com/advisories/GHSA-crr3-h4m8-7f56","reference_id":"GHSA-crr3-h4m8-7f56","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crr3-h4m8-7f56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"aliases":["GHSA-crr3-h4m8-7f56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmb3-k9w1-y7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137844?format=json","vulnerability_id":"VCID-x6g5-a61e-3khu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59603","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13696?format=json","vulnerability_id":"VCID-yxg1-dz91-ckgs","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41992","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc9t-3hb5-z3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0-rc1"}