silverstripe/framework vulnerabilities

The SilverStripe framework

Latest version: 4.6.1

Direct Vulnerabilities

Known vulnerabilities in the silverstripe/framework package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Cache Poisoning | >=4.0.0, <4.4.7,>=4.5.0, <4.5.4,>=3.0.0, <3.7.5 | Not available | 16 Jul, 2020 |
| M | Cross-site Scripting (XSS) | >=3.0.0, <3.7.5 | Not available | 16 Jul, 2020 |
| M | Information Exposure | <4.4.6,>=4.5.0, <4.5.3 | Not available | 15 Apr, 2020 |
| H | Cross-site Scripting (XSS) | >=4.4.0, <4.4.5,>=4.5.0, <4.5.2 | Not available | 17 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.1.18, <3.1.19,>=3.2.3, <3.2.4,>=3.3.1, <3.3.2 | Not available | 05 Feb, 2020 |
| M | Cross-site Scripting (XSS) | >=3.0.0, <4.3.5,>=4.4.0, <4.4.4 | Not available | 05 Feb, 2020 |
| M | Cross-site Scripting (XSS) | >=4.0.0, <4.3.5,>=4.4.0, <4.4.4 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | <3.4.4,>=3.5.0, <3.5.2 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | <3.4.6,>=3.5.0, <3.5.4 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.1.19, <3.1.20,>=3.2.4, <3.2.5,>=3.3.2, <3.3.3,>=3.4.0, <3.4.1 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.1.18, <3.1.19,>=3.2.3, <3.2.4,>=3.3.1, <3.3.2 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | <3.4.6,>=3.5.0, <3.5.4 | Not available | 05 Feb, 2020 |
| H | SQL Injection | <3.5.6,>=3.6.0, <3.6.3,>=4.0.0, <4.0.1 | Not available | 05 Feb, 2020 |
| H | Privilege Escalation | >=3.5.7, <3.5.8,>=3.6.0, <3.6.6,>=4.0.0, <4.0.4,>=4.1.0, <4.1.1 | Not available | 05 Feb, 2020 |
| H | Open Redirect | >=4.0.0, <4.0.4 | Not available | 05 Feb, 2020 |
| H | Arbitrary Code Execution | >=4.0.3, <4.0.4,>=4.1.0, <4.1.1 | Not available | 05 Feb, 2020 |
| M | Information Exposure | >=4.0.0, <4.0.4 | Not available | 05 Feb, 2020 |
| H | Denial of Service (DoS) | >=4.0.0, <4.0.5,>=4.1.0, <4.1.3,>=4.2.0, <4.2.2 | Not available | 05 Feb, 2020 |
| M | Information Exposure | >=4.0.0, <4.0.4,>=4.1.0, <4.1.1 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.1.9, <3.1.20,>=3.2.4, <3.2.5,>=3.3.2, <3.3.3,>=3.4.0, <3.4.1 | Not available | 05 Feb, 2020 |
| H | Information Exposure | >=3.5.0, <3.5.5,>=3.6.0, <3.6.2 | Not available | 05 Feb, 2020 |
| H | CSV Injection | >=3.5.0, <3.5.6,>=3.6.0, <3.6.3,>=4.0.0, <4.0.1 | Not available | 05 Feb, 2020 |
| M | Information Exposure | >=3.4.0, <3.4.6,>=3.5.0, <3.5.4 | Not available | 05 Feb, 2020 |
| H | Cross-site Request Forgery (CSRF) | >=3.1.18, <3.1.19,>=3.2.3, <3.2.4,>=3.3.1, <3.3.2 | Not available | 05 Feb, 2020 |
| M | Information Exposure | >=3.7.0, <3.7.1,>=4.0.0, <4.0.5,>=4.1.0, <4.1.3,>=4.2.0, <4.2.2 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.1.0, <3.1.21,>=3.2.0, <3.2.6,>=3.3.0, <3.3.4,>=3.4.0, <3.4.2 | Not available | 05 Feb, 2020 |
| H | Cross-site Scripting (XSS) | >=3.3.2, <3.3.3,>=3.4.0, <3.4.1 | Not available | 05 Feb, 2020 |
| H | Information Exposure | >=4.0.0, <4.0.1 | Not available | 05 Feb, 2020 |
| M | Improper Access Control | >=3.1.19, <3.1.20,>=3.2.4, <3.2.5,>=3.3.2, <3.3.3,>=3.4.0, <3.4.1 | Not available | 05 Feb, 2020 |