GHSA-vh7q-j8p5-2h4h

Source

https://github.com/advisories/GHSA-vh7q-j8p5-2h4h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vh7q-j8p5-2h4h/GHSA-vh7q-j8p5-2h4h.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-vh7q-j8p5-2h4h

Published

2024-05-27T23:21:53Z

Modified

2024-12-02T05:45:50.723452Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

silverstripe/framework sends passwords back to browsers under some circumstances

Details

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.

Database specific

{
    "cwe_ids": [],
    "github_reviewed_at": "2024-05-27T23:21:53Z",
    "severity": "LOW",
    "github_reviewed": true,
    "nvd_published_at": null
}

References

Affected packages

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.5.5-rc1

Fixed

3.7.0

Affected versions

3.*

3.5.5

3.5.6-rc1

3.5.6

3.5.7

3.5.8-rc1

3.5.8

3.6.0-beta1

3.6.0-beta2

3.6.0-rc1

3.6.0

3.6.1-alpha2

3.6.1

3.6.2-beta1

3.6.2-beta2

3.6.2

3.6.3-rc2

3.6.3

3.6.4

3.6.5

3.6.6-rc1

3.6.6

3.6.7

3.6.8

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.3-rc1

Fixed

4.0.4

Affected versions

4.*

4.0.3

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0-rc1

Fixed

4.1.1

Affected versions

4.*

4.1.0-rc1

4.1.0-rc2

4.1.0