GSA_kwCzR0hTQS12NGNyLW01ZjgtZ3h3OM0a0Q

Moderate EPSS: 0.00098% (0.28484 Percentile) EPSS:

Permalink JSON

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	< 6.3.0	6.3.0
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0 All unaffected versions 6.3.0, 6.4.0, 6.5.0, 7.0.0

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF).

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4092
https://github.com/yetiforcecompany/yetiforcecrm/commit/585da04bb72d36a894f6ea5939ab909e53fd8c23
https://huntr.dev/bounties/7b58c160-bb62-45fe-ad1f-38354378b89e
https://github.com/advisories/GHSA-v4cr-m5f8-gxw8

Identifiers

GHSA-v4cr-m5f8-gxw8

CVE-2021-4092

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00098

EPSS Percentile: 0.28484

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories