GHSA-wm32-3r4m-jvcc

Source

https://github.com/advisories/GHSA-wm32-3r4m-jvcc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-wm32-3r4m-jvcc/GHSA-wm32-3r4m-jvcc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wm32-3r4m-jvcc

Aliases

CVE-2017-20164

Published

2023-01-07T21:30:38Z

Modified

2024-02-16T08:25:02.781065Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Symbiote Seed Open Redirect vulnerability

Details

A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 can address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.

Database specific

{
    "nvd_published_at": "2023-01-07T20:15:00Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T21:54:48Z"
}

References

Affected packages

Packagist / symbiote/silverstripe-seed

Package

Name: symbiote/silverstripe-seed
Purl: pkg:composer/symbiote/silverstripe-seed

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.4.1

1.4.2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.2.3

3.*

3.0.0

4.*

4.0.0

4.0.1

5.*

5.0.0

6.*

6.0.0

6.0.1

6.0.2