GHSA-wm32-3r4m-jvcc

Suggest an improvement
Source
https://github.com/advisories/GHSA-wm32-3r4m-jvcc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-wm32-3r4m-jvcc/GHSA-wm32-3r4m-jvcc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wm32-3r4m-jvcc
Aliases
Published
2023-01-07T21:30:38Z
Modified
2024-02-16T08:25:02.781065Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Symbiote Seed Open Redirect vulnerability
Details

A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 can address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.

References

Affected packages

Packagist / symbiote/silverstripe-seed

Package

Name
symbiote/silverstripe-seed
Purl
pkg:composer/symbiote/silverstripe-seed

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3

Affected versions

1.*

1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3

3.*

3.0.0

4.*

4.0.0
4.0.1

5.*

5.0.0

6.*

6.0.0
6.0.1
6.0.2