{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340873?format=json","vulnerability_id":"VCID-2e1q-fc4b-mydq","summary":"silverstripe/framework Privilege Escalation Risk in Member Edit form","aliases":[{"alias":"GHSA-xpff-c35g-j3cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81490?format=json","purl":"pkg:composer/silverstripe/framework@3.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/81491?format=json","purl":"pkg:composer/silverstripe/framework@3.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/81486?format=json","purl":"pkg:composer/silverstripe/framework@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/81488?format=json","purl":"pkg:composer/silverstripe/framework@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81489?format=json","purl":"pkg:composer/silverstripe/framework@3.5.7-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2e1q-fc4b-mydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.7-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/81484?format=json","purl":"pkg:composer/silverstripe/framework@3.6.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2af9-znrv-3bf7"},{"vulnerability":"VCID-2e1q-fc4b-mydq"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-hp6e-75gr-uuan"},{"vulnerability":"VCID-hsfb-xx67-7qg6"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-k8vz-xw7w-e3dg"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yhh9-rkh9-rqeu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.0-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/81485?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25r7-spjd-qufz"},{"vulnerability":"VCID-2e1q-fc4b-mydq"},{"vulnerability":"VCID-2p3r-ff36-aqfm"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-6zn9-kt2q-s3bq"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-c3aa-8je2-quek"},{"vulnerability":"VCID-hp6e-75gr-uuan"},{"vulnerability":"VCID-hsfb-xx67-7qg6"},{"vulnerability":"VCID-jxym-rkhj-yybr"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-k8vz-xw7w-e3dg"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mfzd-r5pm-q7es"},{"vulnerability":"VCID-pmb3-k9w1-y7gm"},{"vulnerability":"VCID-s99v-qdmh-ebf8"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/81487?format=json","purl":"pkg:composer/silverstripe/framework@4.1.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25r7-spjd-qufz"},{"vulnerability":"VCID-2e1q-fc4b-mydq"},{"vulnerability":"VCID-2p3r-ff36-aqfm"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-6zn9-kt2q-s3bq"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8z35-2baj-cqdb"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-9wms-djy3-x7fs"},{"vulnerability":"VCID-c3aa-8je2-quek"},{"vulnerability":"VCID-fgmy-q8sf-n3dj"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-jxym-rkhj-yybr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mfzd-r5pm-q7es"},{"vulnerability":"VCID-pmb3-k9w1-y7gm"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0-rc1"}],"references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-001-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/577138882163e4b8782ea043487944d30d88e753"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e409d6f673c49846086b23677aecdc3fde5fc4d5"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-001"},{"reference_url":"https://github.com/advisories/GHSA-xpff-c35g-j3cr","reference_id":"GHSA-xpff-c35g-j3cr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpff-c35g-j3cr"}],"weaknesses":[{"cwe_id":268,"name":"Privilege Chaining","description":"Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e1q-fc4b-mydq"}