MAL-2025-20104 Malicious code in extension-point-as-vanity-pricing (npm)
The package extension-point-as-vanity-pricing was found to contain malicious code...
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn. This presents an issue for sites that are using the extension point in that method to deny access to users for example members that have not been “approved”, or members that...
PT-2024-40391 · Packagist · Silverstripe/Framework
Affected software: silverstripe/framework (Packagist); affected versions are not stated in the provided description. Description: after a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn, so any extension hooked into that method to deny logins (for example, to unapproved members) is bypassed. This...
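The pattern behind the Silverstripe entry above, as an added illustration that is not Silverstripe's own code: a site extension denies login through the canLogIn extension point, the vulnerable reset flow logs the member in without consulting it, and the hardened flow re-runs the same gate the login form uses. The class and namespace names follow the Silverstripe 4 API as understood here; ApprovalLoginExtension, the Approved field, and both doChangePassword* functions are assumptions for the example.

```php
<?php
// Added illustration of the Member::canLogIn() gap; not Silverstripe's own code.
// Class names assume the Silverstripe 4 API; the extension and the Approved
// field are hypothetical.
use SilverStripe\Core\Extension;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\Member;

// Hypothetical site extension applied to Member: refuse members that an
// administrator has not approved. Member::canLogIn() calls
// $this->extend('canLogIn', $result), which reaches this hook.
class ApprovalLoginExtension extends Extension
{
    public function canLogIn(ValidationResult $result)
    {
        if (!$this->owner->Approved) {   // Approved: assumed boolean DB field
            $result->addError('This account has not been approved yet.');
        }
    }
}

// Vulnerable shape: the password is changed and a session is created
// unconditionally, so the approval check above never runs after a reset.
function doChangePasswordVulnerable(Member $member, string $newPassword, $request): void
{
    $member->changePassword($newPassword);
    Injector::inst()->get(IdentityStore::class)->logIn($member, false, $request);
}

// Hardened shape: apply the same login gate before creating a session.
// Returns false (and creates no session) when canLogIn() reports errors;
// the form would then display $result's messages instead of logging in.
function doChangePasswordHardened(Member $member, string $newPassword, $request): bool
{
    $member->changePassword($newPassword);
    $result = $member->canLogIn();
    if (!$result->isValid()) {
        return false;
    }
    Injector::inst()->get(IdentityStore::class)->logIn($member, false, $request);
    return true;
}
```

The check belongs after the password write, not instead of it: a denied member should still end up with the new password, just without a session. A quick way to verify a site is affected is to register an extension like the one above on a test member with Approved unset, run the reset flow, and confirm no session is created.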
GHSA-2XVX-RW9P-XGFC Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
Pipeline: Groovy Plugin allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could ...