Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04YzZxLTI2dzYtcXdoZ84AA0u3
Easy!Appointments Improper Access Control vulnerability
Easy!Appointments 1.4.3 and prior has an Improper Access Control vulnerability. This issue is patched at commit b37b46019553089db4f22eb2fe998bca84b2cb64 and anticipated to be part of version 1.5.0.
Permalink: https://github.com/advisories/GHSA-8c6q-26w6-qwhgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04YzZxLTI2dzYtcXdoZ84AA0u3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 6 months ago
CVSS Score: 6.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-8c6q-26w6-qwhg, CVE-2023-3700
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-3700
- https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64
- https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8
- https://github.com/advisories/GHSA-8c6q-26w6-qwhg
Blast Radius: 1.0
Affected Packages
packagist:alextselegidis/easyappointments
Dependent packages: 0Dependent repositories: 0
Downloads: 228 total
Affected Version Ranges: <= 1.4.3
Fixed in: 1.5.0
All affected versions: 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3
All unaffected versions: