Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zaty-jxqd-hyb4

Summary

Uncontrolled Resource Consumption
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Aliases

alias	CVE-2023-40180

alias	GHSA-v23w-pppm-jh66

Fixed_packages

url	pkg:composer/silverstripe/graphql@3.8.2
purl	pkg:composer/silverstripe/graphql@3.8.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.2

url pkg:composer/silverstripe/graphql@4.0.0-alpha1

purl pkg:composer/silverstripe/graphql@4.0.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajga-3b99-yugh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha1

url pkg:composer/silverstripe/graphql@4.1.3

purl pkg:composer/silverstripe/graphql@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.3

url pkg:composer/silverstripe/graphql@4.2.5

purl pkg:composer/silverstripe/graphql@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.5

url pkg:composer/silverstripe/graphql@4.3.0-rc1

purl pkg:composer/silverstripe/graphql@4.3.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0-rc1

url pkg:composer/silverstripe/graphql@4.3.4

purl pkg:composer/silverstripe/graphql@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.4

url	pkg:composer/silverstripe/graphql@5.0.0-alpha1
purl	pkg:composer/silverstripe/graphql@5.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1

url pkg:composer/silverstripe/graphql@5.0.3

purl pkg:composer/silverstripe/graphql@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.3

url pkg:composer/silverstripe/graphql@5.1.0-beta1

purl pkg:composer/silverstripe/graphql@5.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.0-beta1

Affected_packages

url pkg:composer/silverstripe/graphql@3.0.0

purl pkg:composer/silverstripe/graphql@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.0

url pkg:composer/silverstripe/graphql@3.0.1

purl pkg:composer/silverstripe/graphql@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.1

url pkg:composer/silverstripe/graphql@3.0.2

purl pkg:composer/silverstripe/graphql@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.2

url pkg:composer/silverstripe/graphql@3.0.3

purl pkg:composer/silverstripe/graphql@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.3

url pkg:composer/silverstripe/graphql@3.0.4

purl pkg:composer/silverstripe/graphql@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.4

url pkg:composer/silverstripe/graphql@3.1.0-rc1

purl pkg:composer/silverstripe/graphql@3.1.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.0-rc1

url pkg:composer/silverstripe/graphql@3.1.0

purl pkg:composer/silverstripe/graphql@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.0

url pkg:composer/silverstripe/graphql@3.1.1

purl pkg:composer/silverstripe/graphql@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.1

url pkg:composer/silverstripe/graphql@3.1.2

purl pkg:composer/silverstripe/graphql@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.2

url pkg:composer/silverstripe/graphql@3.1.3

purl pkg:composer/silverstripe/graphql@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.3

url pkg:composer/silverstripe/graphql@3.1.4

purl pkg:composer/silverstripe/graphql@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.4

url pkg:composer/silverstripe/graphql@3.1.5

purl pkg:composer/silverstripe/graphql@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.5

url pkg:composer/silverstripe/graphql@3.2.0-alpha1

purl pkg:composer/silverstripe/graphql@3.2.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.0-alpha1

url pkg:composer/silverstripe/graphql@3.2.0-rc1

purl pkg:composer/silverstripe/graphql@3.2.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.0-rc1

url pkg:composer/silverstripe/graphql@3.2.0-rc2

purl pkg:composer/silverstripe/graphql@3.2.0-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.0-rc2

url pkg:composer/silverstripe/graphql@3.2.0

purl pkg:composer/silverstripe/graphql@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.0

url pkg:composer/silverstripe/graphql@3.2.1

purl pkg:composer/silverstripe/graphql@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.1

url pkg:composer/silverstripe/graphql@3.2.2

purl pkg:composer/silverstripe/graphql@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.2

url pkg:composer/silverstripe/graphql@3.2.3

purl pkg:composer/silverstripe/graphql@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.3

url pkg:composer/silverstripe/graphql@3.2.4

purl pkg:composer/silverstripe/graphql@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.2.4

url pkg:composer/silverstripe/graphql@3.3.0-beta1

purl pkg:composer/silverstripe/graphql@3.3.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.3.0-beta1

url pkg:composer/silverstripe/graphql@3.3.0-rc1

purl pkg:composer/silverstripe/graphql@3.3.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-n2ar-guzb-qfe1

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.3.0-rc1

url pkg:composer/silverstripe/graphql@3.3.0

purl pkg:composer/silverstripe/graphql@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.3.0

url pkg:composer/silverstripe/graphql@3.4.0-beta1

purl pkg:composer/silverstripe/graphql@3.4.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.4.0-beta1

url pkg:composer/silverstripe/graphql@3.4.0-rc1

purl pkg:composer/silverstripe/graphql@3.4.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.4.0-rc1

url pkg:composer/silverstripe/graphql@3.4.0

purl pkg:composer/silverstripe/graphql@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.4.0

url pkg:composer/silverstripe/graphql@3.4.1

purl pkg:composer/silverstripe/graphql@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.4.1

url pkg:composer/silverstripe/graphql@3.5.0-beta1

purl pkg:composer/silverstripe/graphql@3.5.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.0-beta1

url pkg:composer/silverstripe/graphql@3.5.0-rc1

purl pkg:composer/silverstripe/graphql@3.5.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.0-rc1

url pkg:composer/silverstripe/graphql@3.5.0

purl pkg:composer/silverstripe/graphql@3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.0

url pkg:composer/silverstripe/graphql@3.5.1

purl pkg:composer/silverstripe/graphql@3.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.1

url pkg:composer/silverstripe/graphql@3.5.2

purl pkg:composer/silverstripe/graphql@3.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.2

url pkg:composer/silverstripe/graphql@3.6.0-alpha1

purl pkg:composer/silverstripe/graphql@3.6.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-alpha1

url pkg:composer/silverstripe/graphql@3.6.0-alpha2

purl pkg:composer/silverstripe/graphql@3.6.0-alpha2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-alpha2

url pkg:composer/silverstripe/graphql@3.6.0-beta1

purl pkg:composer/silverstripe/graphql@3.6.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-beta1

url pkg:composer/silverstripe/graphql@3.6.0-rc1

purl pkg:composer/silverstripe/graphql@3.6.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-rc1

url pkg:composer/silverstripe/graphql@3.6.0

purl pkg:composer/silverstripe/graphql@3.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0

url pkg:composer/silverstripe/graphql@3.7.0

purl pkg:composer/silverstripe/graphql@3.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.7.0

url pkg:composer/silverstripe/graphql@3.7.1

purl pkg:composer/silverstripe/graphql@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.7.1

url pkg:composer/silverstripe/graphql@3.7.2

purl pkg:composer/silverstripe/graphql@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.7.2

url pkg:composer/silverstripe/graphql@3.8.0

purl pkg:composer/silverstripe/graphql@3.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.0

url pkg:composer/silverstripe/graphql@3.8.1

purl pkg:composer/silverstripe/graphql@3.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.1

url pkg:composer/silverstripe/graphql@4.0.0

purl pkg:composer/silverstripe/graphql@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0

url pkg:composer/silverstripe/graphql@4.0.1

purl pkg:composer/silverstripe/graphql@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.1

url pkg:composer/silverstripe/graphql@4.0.2

purl pkg:composer/silverstripe/graphql@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.2

url pkg:composer/silverstripe/graphql@4.1.0-beta1

purl pkg:composer/silverstripe/graphql@4.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.0-beta1

url pkg:composer/silverstripe/graphql@4.1.0-rc1

purl pkg:composer/silverstripe/graphql@4.1.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.0-rc1

url pkg:composer/silverstripe/graphql@4.1.0

purl pkg:composer/silverstripe/graphql@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.0

url pkg:composer/silverstripe/graphql@4.1.1

purl pkg:composer/silverstripe/graphql@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-688j-23f6-hbhj

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.1

url pkg:composer/silverstripe/graphql@4.1.2

purl pkg:composer/silverstripe/graphql@4.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.2

url pkg:composer/silverstripe/graphql@4.2.0

purl pkg:composer/silverstripe/graphql@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.0

url pkg:composer/silverstripe/graphql@4.2.1

purl pkg:composer/silverstripe/graphql@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.1

url pkg:composer/silverstripe/graphql@4.2.2

purl pkg:composer/silverstripe/graphql@4.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-688j-23f6-hbhj

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.2

url pkg:composer/silverstripe/graphql@4.2.3

purl pkg:composer/silverstripe/graphql@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.3

url pkg:composer/silverstripe/graphql@4.2.4

purl pkg:composer/silverstripe/graphql@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.4

url pkg:composer/silverstripe/graphql@4.3.0

purl pkg:composer/silverstripe/graphql@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0

url pkg:composer/silverstripe/graphql@4.3.1

purl pkg:composer/silverstripe/graphql@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.1

url pkg:composer/silverstripe/graphql@4.3.2

purl pkg:composer/silverstripe/graphql@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.2

url pkg:composer/silverstripe/graphql@4.3.3

purl pkg:composer/silverstripe/graphql@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.3

url pkg:composer/silverstripe/graphql@5.0.0

purl pkg:composer/silverstripe/graphql@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0

url pkg:composer/silverstripe/graphql@5.0.1

purl pkg:composer/silverstripe/graphql@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.1

url pkg:composer/silverstripe/graphql@5.0.2

purl pkg:composer/silverstripe/graphql@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mvj-w9yw-kyac

vulnerability	VCID-zaty-jxqd-hyb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40180

reference_id

reference_type

scores

value	0.0068
scoring_system	epss
scoring_elements	0.71536
published_at	2026-04-07T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71594
published_at	2026-04-12T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.7161
published_at	2026-04-11T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71587
published_at	2026-04-09T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71546
published_at	2026-04-02T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71576
published_at	2026-04-13T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71563
published_at	2026-04-04T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71685
published_at	2026-05-07T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.7165
published_at	2026-05-05T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71665
published_at	2026-04-29T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71661
published_at	2026-04-26T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71656
published_at	2026-04-24T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71606
published_at	2026-04-21T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71625
published_at	2026-04-18T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.71621
published_at	2026-04-16T12:55:00Z

value	0.00729
scoring_system	epss
scoring_elements	0.72819
published_at	2026-05-14T12:55:00Z

value	0.00729
scoring_system	epss
scoring_elements	0.72764
published_at	2026-05-12T12:55:00Z

value	0.00729
scoring_system	epss
scoring_elements	0.72739
published_at	2026-05-11T12:55:00Z

value	0.00729
scoring_system	epss
scoring_elements	0.72776
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40180

reference_url

https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/

url

https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/

url

https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c

reference_url

https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/

url

https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40180

reference_id

CVE-2023-40180

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40180

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2023-40180

reference_id

CVE-2023-40180

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/

url

https://www.silverstripe.org/download/security-releases/CVE-2023-40180

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml

reference_id

CVE-2023-40180.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml

reference_url

https://github.com/advisories/GHSA-v23w-pppm-jh66

reference_id

GHSA-v23w-pppm-jh66

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v23w-pppm-jh66

reference_url

https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66

reference_id

GHSA-v23w-pppm-jh66

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/

url

https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zaty-jxqd-hyb4

Vulnerability Instance