Homepage

silverstripe/framework

Licenses: (GPL-2.0 OR MIT) | BSD-3-Clause | MIT | (BSD-3-Clause OR GPL-2.0 OR MIT)

License

(GPL-2.0 OR MIT)>=2.4.9, <3.6.7;
BSD-3-Clause>=4.0.0-alpha6;
MIT>=4.0.0-alpha1, <4.0.0-alpha6;
(BSD-3-Clause OR GPL-2.0 OR MIT)>=3.6.7, <4.0.0-alpha1;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the silverstripe/framework package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Observable Discrepancy

>=4.0.0, <5.3.23
  • M
Cross-site Scripting (XSS)

<5.3.23
  • M
Cross-site Scripting (XSS)

<5.3.8
  • M
Cross-site Scripting (XSS)

<5.3.8
  • M
Cross-site Scripting (XSS)

<5.3.8
  • M
Cross-site Scripting (XSS)

<5.2.16
  • H
SQL Injection

>=4.0.0-rc1, <4.0.6>=4.1.0-rc1, <4.1.4>=4.2.0-rc1, <4.2.3
  • M
Information Exposure Through an Error Message

>=3.7.0-rc1, <3.7.1>=4.0.0-rc1, <4.0.5>=4.1.0-rc1, <4.1.3>=4.2.0-rc1, <4.2.2
  • L
Information Exposure

>=3.5.5-rc1, <3.7.0>=4.0.3-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • H
Unrestricted Upload of File with Dangerous Type

>=3.6.5-rc1, <3.6.6>=4.0.3-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • M
Information Exposure

>=4.0.0-rc1, <4.0.4>=4.1.0rc1, <4.1.1
  • H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

>=4.0.3-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • H
URL Redirection to Untrusted Site ('Open Redirect')

>=4.0.0-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • M
Privilege Escalation

>=3.5.7-rc1, <3.5.8>=3.6.0-rc1, <3.6.6>=4.0.0-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • M
Information Exposure

>=4.0.0-rc1, <4.0.1
  • H
Missing Encryption of Sensitive Data

>=3.5.0-rc1, <3.5.6>=3.6.0-rc1, <3.6.3>=4.0.0-rc1, <4.0.1
  • H
SQL Injection

>=3.5.0-rc1, <3.5.6>=3.6.0-rc1, <3.6.3>=4.0.0-rc1, <4.0.1
  • H
Session Fixation

>=3.5.0-rc1, <3.5.6>=3.6.0-rc1, <3.6.3
  • M
Cross-site Scripting (XSS)

>=3.4.0-rc1, <3.4.6>=3.5.0-rc1, <3.5.4
  • M
Cross-site Scripting (XSS)

>=3.4.0-rc1, <3.4.6>=3.5.0-rc1, <3.5.4
  • M
Information Exposure

>=3.4.0-rc1, <3.4.6>=3.5.0-rc1, <3.5.4
  • M
Cross-site Scripting (XSS)

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Cross-site Scripting (XSS)

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Cross-site Scripting (XSS)

>=3.1.0-rc1, <3.1.21>=3.2.0-rc1, <3.2.6>=3.3.0-rc1, <3.3.4>=3.4.0-rc1, <3.4.2
  • M
Cross-site Scripting (XSS)

>=3.4.0-rc1, <3.4.4>=3.5.0-rc1, <3.5.2
  • L
Insufficient Session Expiration

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Cross-site Scripting (XSS)

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Improper Authentication

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Missing Authorization

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • L
Use of a One-Way Hash without a Salt

>=3.1.19-rc1, <3.1.20>=3.2.4-rc1, <3.2.5>=3.3.2-rc1, <3.3.3>=3.4.0-rc1, <3.4.1
  • M
Improper Input Validation

>=4.0.0-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • M
Information Exposure

>=4.0.0-rc1, <4.0.4>=4.1.0-rc1, <4.1.1
  • M
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

<3.5.6>=3.6.0, <3.6.3>=4.0.0, <4.0.1
  • M
Information Exposure

>=3.0.0, <4.13.39>=5.0.0, <5.1.11
  • M
Open Redirect

<3.1.14
  • M
Weak Password Requirements

<4.13.14>=5.0.0, <5.0.13
  • M
Insecure Permissions

>=4.0.0, <4.12.5
  • M
Open Redirect

>=4.0.0, <4.12.5
  • M
Cross-site Scripting (XSS)

>=3.0.0, <4.11.13
  • M
Cross-site Scripting (XSS)

>=3.0.0, <4.11.13
  • H
SQL Injection

>=3.0.0, <4.10.11>=4.11.0, <4.11.14
  • M
Cross-site Scripting (XSS)

>=3.0.0, <4.11.13
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.11.13
  • M
Denial of Service (DoS)

<4.10.9
  • M
Cross-site Scripting (XSS)

<4.10.9
  • M
Cross-site Scripting (XSS)

<4.10.9
  • L
Improper Input Validation

>=4.8.0-beta1, <4.8.0>=3.0.0, <4.7.4
  • L
XML External Entity (XXE) Injection

>=4.8.0-beta1, <4.8.0<4.7.4
  • M
Cache Poisoning

>=4.0.0, <4.4.7>=4.5.0, <4.5.4>=3.0.0, <3.7.5
  • M
Cross-site Scripting (XSS)

>=3.0.0, <3.7.5
  • M
Information Exposure

<4.4.6>=4.5.0, <4.5.3
  • H
Cross-site Scripting (XSS)

>=4.4.0, <4.4.5>=4.5.0, <4.5.2
  • H
Information Exposure

>=3.5.0, <3.5.5>=3.6.0, <3.6.2
  • M
Information Exposure

>=4.0.0, <4.0.4
  • H
Cross-site Scripting (XSS)

>=3.1.0, <3.1.21>=3.2.0, <3.2.6>=3.3.0, <3.3.4>=3.4.0, <3.4.2
  • H
Privilege Escalation

>=3.5.7, <3.5.8>=3.6.0, <3.6.6>=4.0.0, <4.0.4>=4.1.0, <4.1.1
  • H
Cross-site Scripting (XSS)

<3.4.6>=3.5.0, <3.5.4
  • C
Information Exposure

>=4.0.0, <4.0.1
  • M
Session Hijacking

>=3.5.0, <3.5.6>=3.6.0, <3.6.3
  • M
Cross-site Scripting (XSS)

>=3.0.0, <4.3.5>=4.4.0, <4.4.4
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.3.5>=4.4.0, <4.4.4
  • H
CSV Injection

>=3.5.0, <3.5.6>=3.6.0, <3.6.3>=4.0.0, <4.0.1
  • H
Cross-site Scripting (XSS)

>=3.1.18, <3.1.19>=3.2.3, <3.2.4>=3.3.1, <3.3.2
  • H
Denial of Service (DoS)

>=4.0.0, <4.0.5>=4.1.0, <4.1.3>=4.2.0, <4.2.2
  • M
Information Exposure

>=4.0.0, <4.0.4>=4.1.0, <4.1.1
  • M
Improper Access Control

>=3.1.19, <3.1.20>=3.2.4, <3.2.5>=3.3.2, <3.3.3>=3.4.0, <3.4.1
  • C
Unrestricted Upload

>=3.6.5, <3.6.6>=4.0.3, <4.0.4>=4.1.0, <4.1.1
  • H
Cross-site Scripting (XSS)

<3.4.4>=3.5.0, <3.5.2
  • H
Cross-site Scripting (XSS)

>=3.1.19, <3.1.20>=3.2.4, <3.2.5>=3.3.2, <3.3.3>=3.4.0, <3.4.1
  • H
Cross-site Scripting (XSS)

>=3.3.2, <3.3.3>=3.4.0, <3.4.1
  • C
Cross-site Scripting (XSS)

>=3.1.9, <3.1.20>=3.2.4, <3.2.5>=3.3.2, <3.3.3>=3.4.0, <3.4.1
  • C
SQL Injection

<3.5.6>=3.6.0, <3.6.3>=4.0.0, <4.0.1
  • C
Open Redirect

>=4.0.0, <4.0.4
  • M
Information Exposure

>=3.7.0, <3.7.1>=4.0.0, <4.0.5>=4.1.0, <4.1.3>=4.2.0, <4.2.2
  • L
Improper Restriction of Excessive Authentication Attempts

>=3.1.18, <3.1.19>=3.2.3, <3.2.4>=3.3.1, <3.3.2
  • M
Information Exposure

>=3.4.0, <3.4.6>=3.5.0, <3.5.4
  • H
Cross-site Scripting (XSS)

<3.4.6>=3.5.0, <3.5.4
  • H
Cross-site Request Forgery (CSRF)

>=3.1.18, <3.1.19>=3.2.3, <3.2.4>=3.3.1, <3.3.2
  • H
Arbitrary Code Execution

>=4.0.3, <4.0.4>=4.1.0, <4.1.1
  • C
Cross-site Scripting (XSS)

>=3.1.18, <3.1.19>=3.2.3, <3.2.4>=3.3.1, <3.3.2
  • M
Improper Authentication

>=3.1.19, <3.1.20>=3.2.4, <3.2.5>=3.3.2, <3.3.3>=3.4.0, <3.4.1
  • M
Improper Access Control

>=4.4.0, <4.4.4>=4.3.0, <4.3.6
  • C
Incorrect Access Control

>=4.1.0, <4.3.6>=4.4.0, <4.4.4
  • L
Session Fixation

>=3.6.0, <3.6.8>=3.7.0, <3.7.4>=4.3.0, <4.3.6>=4.4.0, <4.4.4
  • M
Denial of Service (DoS)

>=4.0.0, <4.4.0
  • H
SQL Injection

>=3.6.0, <3.6.7>=3.7.0, <3.7.3>=4.0.0, <4.0.7>=4.1.0, <4.1.5>=4.2.0, <4.2.4>=4.3.0, <4.3.1
  • M
Access Restriction Bypass

<2.3.10>=2.4.0, <2.4.4
  • M
IP and Protocol Spoofing

<3.1.17>=3.2.0, <3.2.2>=3.3-alpha, <3.3.0
  • L
Access Restriction Bypass

<3.1.17>=3.2.0, <3.2.2>=3.3-alpha, <3.3.0
  • M
Cross-site Request Forgery (CSRF)

<3.1.17>=3.2.0, <3.2.2>=3.3-alpha, <3.3.0
  • L
Cross-site Scripting (XSS)

<3.2.1
  • M
Cross-site Scripting (XSS)

<3.1.16>=3.2.0, <3.2.1
  • M
Cross-site Scripting (XSS)

<3.1.14
  • M
Cross-site Scripting (XSS)

<3.1.14
  • M
HTTP Hostname Injection

<3.1.13
  • M
Access Restriction Bypass

>=3.1.0, <3.1.13<3.0.14
  • M
Open Redirect

>=3.1.0, <3.1.13<3.0.14
  • M
SQL Injection

>=3.1.0, <3.1.13<3.0.14
  • M
Cross-site Scripting (XSS)

<3.1.12
  • M
Cross-site Scripting (XSS)

>=3.1.0, <3.1.12<3.0.13
  • H
Arbitrary Code Injection

>=3.1.0, <3.1.12<3.0.13
  • M
Cross-site Scripting (XSS)

<3.1.10
  • M
Cross-site Scripting (XSS)

<3.1.10
  • M
Cross-site Scripting (XSS)

<3.1.10
  • L
Quadratic Blowup Attack

<3.1.12