{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7219?format=json","vulnerability_id":"VCID-unqm-76fg-3fct","summary":"Queued jobs serialised data exposure\nSavedJobData and SavedJobMessages contain PHP serialized data. There's no point showing these to a CMS Admin as they're not human-readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload that's dangerous to unserialize. This issue has been resolved by hiding this content, even from administrators.","aliases":[{"alias":"SS-2015-024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152006?format=json","purl":"pkg:composer/silverstripe/cms@3.0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-qdtk-twxp-2kbv"},{"vulnerability":"VCID-rbft-1w3r-3ub7"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/21329?format=json","purl":"pkg:composer/silverstripe/cms@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-qdtk-twxp-2kbv"},{"vulnerability":"VCID-rbft-1w3r-3ub7"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vul
nerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/153308?format=json","purl":"pkg:composer/silverstripe/cms@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-unqm-76fg-3fct"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/153309?format=json","purl":"pkg:composer/silverstripe/cms@2.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-unqm-76fg-3fct"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/153310?format=json","purl":"pkg:composer/silverstripe/cms@2.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vul
nerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-unqm-76fg-3fct"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/153311?format=json","purl":"pkg:composer/silverstripe/cms@2.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-unqm-76fg-3fct"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/153312?format=json","purl":"pkg:composer/silverstripe/cms@2.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-g366-c4n9-vfcs"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-jdyv-jdju-kbb2"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-unqm-76fg-3fct"},{"vulnerability":"VCID-wpu5-3h5v-wuhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@2.4.13"}],"references":[{"reference_url":"http://www.silverstripe.org/download/security-releases/SS-2015-024","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/SS-2015-024"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known 
Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unqm-76fg-3fct"}