silverstripe/assets
Packagist · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting silverstripe/assets
- CVE-2019-12245 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 1.4.4 · 2019-09-25
vulnerable: 1.4.0, 1.4.1, 1.4.2, 1.4.3
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
- CVE-2020-9280 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.5.2 · 2020-04-15
vulnerable: 1.5.0, 1.5.1
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional sil…
- CVE-2022-29858 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 1.10.1 · 2022-06-28
vulnerable: 1.0.0 ... 1.9.0-rc1 (66 versions)
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
- CVE-2022-38147 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 1.11.1 · 2022-11-23
vulnerable: 1.0.0 ... 1.9.0-rc1 (70 versions)
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
- CVE-2022-38724 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 1.11.1 · 2022-11-23
vulnerable: 1.0.0 ... 1.9.0-rc1 (70 versions)
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
- CVE-2026-24749 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 3.1.3 · 2026-04-16
vulnerable: 3.0.0 ... 3.1.2 (7 versions)
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() inc…