silverstripe/framework vulnerabilities

The SilverStripe framework

Latest version: 4.3.4

Direct Vulnerabilities

Known vulnerabilities in the silverstripe/framework package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Cross-Site Request Forgery (CSRF) | >=4.0.0, <4.4.0 | Not available | 11 Jun, 2019 |
| H | SQL Injection | >=3.6.0, <3.6.7,>=3.7.0, <3.7.3,>=4.0.0, <4.0.7,>=4.1.0, <4.1.5,>=4.2.0, <4.2.4,>=4.3.0, <4.3.1 | Not available | 19 Feb, 2019 |
| M | Access Restriction Bypass | <2.3.10,>=2.4.0, <2.4.4 | Not available | 17 Jun, 2018 |
| M | IP and Protocol Spoofing | <3.1.17,>=3.2.0, <3.2.2,>=3.3-alpha, <3.3.0 | Not available | 18 Feb, 2016 |
| L | Access Restriction Bypass | <3.1.17,>=3.2.0, <3.2.2,>=3.3-alpha, <3.3.0 | Not available | 17 Feb, 2016 |
| M | Cross-site Request Forgery (CSRF) | <3.1.17,>=3.2.0, <3.2.2,>=3.3-alpha, <3.3.0 | Not available | 17 Feb, 2016 |
| L | Cross-site Scripting (XSS) | <3.2.1 | Not available | 13 Nov, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.16,>=3.2.0, <3.2.1 | Not available | 11 Nov, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.14 | Not available | 14 Sep, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.14 | Not available | 14 Sep, 2015 |
| M | HTTP Hostname Injection | <3.1.13 | Not available | 29 May, 2015 |
| M | Access Restriction Bypass | >=3.1.0, <3.1.13,<3.0.14 | Not available | 28 May, 2015 |
| M | Open Redirect | >=3.1.0, <3.1.13,<3.0.14 | Not available | 25 May, 2015 |
| M | SQL Injection | >=3.1.0, <3.1.13,<3.0.14 | Not available | 25 May, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.12 | Not available | 20 Mar, 2015 |
| M | Cross-site Scripting (XSS) | >=3.1.0, <3.1.12,<3.0.13 | Not available | 20 Mar, 2015 |
| M | Arbitrary Code Injection | >=3.1.0, <3.1.12,<3.0.13 | Not available | 20 Mar, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.10 | Not available | 12 Feb, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.10 | Not available | 12 Feb, 2015 |
| M | Cross-site Scripting (XSS) | <3.1.10 | Not available | 12 Feb, 2015 |
| L | Quadratic Blowup Attack | <3.1.12 | Not available | 12 Aug, 2014 |