Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-xpff-c35g-j3cr | Packagist/silverstripe/framework | silverstripe/framework Privilege Escalation Risk in Member Edit form | 3.5.7, 3.5.8-rc1, 3.6.0, 3.6.0-rc1, 3.6.1, 3.6.1-alpha2, 3.6.2, ... | 2024-05-27T22:28:13Z | Fix available |
| GHSA-55qg-6c4m-mw6g | Packagist/silverstripe/framework | silverstripe/framework's URL parameters `isDev` and `isTest` unguarded | 4.0.0, 4.0.0-rc1, 4.0.0-rc2, 4.0.0-rc3, 4.0.1, 4.0.1-rc1, 4.0.2, ... | 2024-05-27T22:02:02Z | Fix available |
| GHSA-xx4r-5265-48j6 | Packagist/silverstripe/framework | silverstripe/framework SQL injection in full text search | 3.5.0, 3.5.0-rc1, 3.5.0-rc2, 3.5.0-rc3, 3.5.1, 3.5.1-rc1, 3.5.1-rc2, ... | 2024-05-27T21:53:32Z | Fix available |
| GHSA-ph62-fv59-vf9h | Packagist/silverstripe/framework | silverstripe/framework users inadvertently passing sensitive data to LoginAttempt | 3.5.0, 3.5.0-rc1, 3.5.0-rc2, 3.5.0-rc3, 3.5.1, 3.5.1-rc1, 3.5.1-rc2, ... | 2024-05-27T21:50:43Z | Fix available |
| GHSA-mqjc-x563-c9q8 | Packagist/silverstripe/framework | silverstripe/framework CSV Excel Macro Injection | 3.5.0, 3.5.0-rc1, 3.5.0-rc2, 3.5.0-rc3, 3.5.1, 3.5.1-rc1, 3.5.1-rc2, ... | 2024-05-27T21:47:49Z | Fix available |
| GHSA-7m2v-x7rg-5hm5 | Packagist/silverstripe/framework | silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms | 3.5.0, 3.5.0-rc1, 3.5.0-rc2, 3.5.0-rc3, 3.5.1, 3.5.1-rc1, 3.5.1-rc2, ... | 2024-05-27T21:45:27Z | Fix available |
| GHSA-4qx8-j9vh-2628 | Packagist/silverstripe/framework | silverstripe/framework's User-Agent header not correctly invalidating user session | 3.5.0, 3.5.0-rc1, 3.5.0-rc2, 3.5.0-rc3, 3.5.1, 3.5.1-rc1, 3.5.1-rc2, ... | 2024-05-27T20:35:31Z | Fix available |
| GHSA-c4c3-j73v-634r | Packagist/silverstripe/framework | silverstripe/framework has Cross-site Scripting vulnerability in page history comparison | 3.4.0, 3.4.0-rc1, 3.4.1, 3.4.1-rc1, 3.4.1-rc2, 3.4.2, 3.4.3, ... | 2024-05-27T20:31:59Z | Fix available |
| GHSA-pp7q-6j3f-74vj | Packagist/silverstripe/framework | silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage | 3.4.0, 3.4.0-rc1, 3.4.1, 3.4.1-rc1, 3.4.1-rc2, 3.4.2, 3.4.3, ... | 2024-05-27T20:05:34Z | Fix available |
| GHSA-r85g-7jpv-8xrx | Packagist/silverstripe/framework | silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL | 3.1.0, 3.1.0-rc1, 3.1.0-rc2, 3.1.0-rc3, 3.1.1, 3.1.10, 3.1.10-rc1, ... | 2024-05-27T19:44:40Z | Fix available |
| GHSA-hhvj-mcrx-3vcf | Packagist/silverstripe/framework | silverstripe/framework has Cross-site Scripting vulnerability in page name | 3.4.0, 3.4.0-rc1, 3.4.1, 3.4.1-rc1, 3.4.1-rc2, 3.4.2, 3.4.3, ... | 2024-05-27T19:32:44Z | Fix available |
| GHSA-g84q-cq55-xwgp | Packagist/silverstripe/framework | silverstripe/framework member disclosure in login form | 3.4.0, 3.4.0-rc1, 3.4.1, 3.4.1-rc1, 3.4.1-rc2, 3.4.2, 3.4.3, ... | 2024-05-27T19:16:12Z | Fix available |
| GHSA-468j-6jrc-2rjx | Packagist/silverstripe/framework | silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField` | 3.1.19, 3.1.19-rc1, 3.1.20-rc1, 3.1.20-rc2, 3.2.4, 3.2.4-rc1, 3.2.5-rc1, ... | 2024-05-27T19:09:53Z | Fix available |
| GHSA-r9vp-fp72-xgf7 | Packagist/silverstripe/framework | silverstripe/framework's `Member.Name` is not escaped | 3.1.10, 3.1.10-rc1, 3.1.10-rc2, 3.1.11, 3.1.11-rc1, 3.1.12, 3.1.13, ... | 2024-05-27T18:58:08Z | Fix available |
| GHSA-5r8w-66hq-rc39 | Packagist/silverstripe/framework | silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled | 3.1.19, 3.1.19-rc1, 3.1.20-rc1, 3.1.20-rc2, 3.2.4, 3.2.4-rc1, 3.2.5-rc1, ... | 2024-05-27T18:53:40Z | Fix available |
| GHSA-52cx-hpc5-cxwc | Packagist/silverstripe/framework | silverstripe/framework missing ACL on reports | 3.1.19, 3.1.19-rc1, 3.1.20-rc1, 3.1.20-rc2, 3.2.4, 3.2.4-rc1, 3.2.5-rc1, ... | 2024-05-27T18:44:47Z | Fix available |