CVE-2021-28661

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-28661
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28661.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28661
Aliases
Published
2021-10-07T15:15:10Z
Modified
2024-10-12T07:11:46.709832Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.

References

Affected packages

Git / github.com/silverstripe/silverstripe-cms

Affected ranges

Type
GIT
Repo
https://github.com/silverstripe/silverstripe-cms
Events
Type
GIT
Repo
https://github.com/silverstripe/silverstripe-framework
Events

Affected versions

2.*

2.4.10
2.4.6
2.4.7
2.4.8
2.4.8-rc1
2.4.9

3.*

3.0.0
3.0.0-rc3
3.0.1
3.0.1-rc1
3.0.1-rc2
3.0.1-rc3
3.0.10
3.0.10-rc1
3.0.11
3.0.11-rc1
3.0.2
3.0.2-rc1
3.0.2-rc2
3.0.3
3.0.3-rc1
3.0.3-rc2
3.0.4
3.0.5
3.0.6
3.0.6-rc1
3.0.6-rc2
3.0.7
3.0.8
3.0.9
3.0.9-rc1
3.1.0
3.1.0-beta1
3.1.0-beta2
3.1.0-beta3
3.1.0-rc1
3.1.0-rc3
3.1.1
3.1.10
3.1.10-rc1
3.1.10-rc2
3.1.11
3.1.11-rc1
3.1.12
3.1.13
3.1.13-rc1
3.1.14
3.1.14-rc1
3.1.15
3.1.16
3.1.16-rc1
3.1.17
3.1.17-rc1
3.1.17-rc2
3.1.18
3.1.18-rc1
3.1.18-rc2
3.1.19
3.1.19-rc1
3.1.2
3.1.2-rc1
3.1.20-rc1
3.1.3
3.1.3-rc1
3.1.3-rc2
3.1.4
3.1.4-rc1
3.1.5
3.1.5-rc1
3.1.6
3.1.6-rc1
3.1.6-rc2
3.1.6-rc3
3.1.7
3.1.7-rc1
3.1.8
3.1.9
3.1.9-rc1
3.2.0
3.2.0-beta1
3.2.0-beta2
3.2.0-rc1
3.2.0-rc2
3.2.1
3.2.1-rc1
3.2.1-rc2
3.2.2
3.2.2-rc1
3.2.2-rc2
3.2.3
3.2.3-rc1
3.2.3-rc2
3.2.4
3.2.4-rc1
3.2.5-rc1
3.3.0
3.3.0-beta1
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.1
3.3.1-rc1
3.3.1-rc2
3.3.2
3.3.2-rc1
3.3.3-rc1
3.4.0
3.4.0-rc1
3.4.1
3.4.1-rc1
3.4.1-rc2