GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow

High EPSS: 0.00177% (0.39927 Percentile) EPSS:

Permalink JSON

YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	<= 6.3.0	No known fixed version
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0

YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4111
https://github.com/yetiforcecompany/yetiforcecrm/commit/c1ad7111a090adfcd5898af40724907adc987acf
https://huntr.dev/bounties/8afc8981-baff-4082-b640-be535b29eb9a
https://github.com/advisories/GHSA-7v7w-f7c6-f829

Identifiers

GHSA-7v7w-f7c6-f829

CVE-2021-4111

Risk

Severity

High

EPSS

EPSS Percentage: 0.00177

EPSS Percentile: 0.39927

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories