Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13bTMyLTNyNG0tanZjY84AAwzP
Symbiote Seed Open Redirect vulnerability
A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin
of the file code/extensions/SecurityLoginExtension.php
of the component Login
. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 can address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bTMyLTNyNG0tanZjY84AAwzP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 6 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-wm32-3r4m-jvcc, CVE-2017-20164
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-20164
- https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244
- https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3
- https://github.com/advisories/GHSA-wm32-3r4m-jvcc
Blast Radius: 0.0
Affected Packages
packagist:symbiote/silverstripe-seed
Dependent packages: 3Dependent repositories: 1
Downloads: 2,925 total
Affected Version Ranges: < 6.0.3
Fixed in: 6.0.3
All affected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 3.0.0, 4.0.0, 4.0.1, 5.0.0, 6.0.0, 6.0.1, 6.0.2
All unaffected versions: 6.0.3, 6.0.4, 6.1.0, 6.2.0, 6.3.0, 6.3.1, 6.3.2, 7.0.0, 7.0.1, 7.0.2, 8.0.0, 8.1.0, 8.1.1, 8.1.2