GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog

Moderate EPSS: 0.00186% (0.41041 Percentile) EPSS:

Permalink JSON

YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	<= 6.3.0	No known fixed version
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0

YetiForceCRM is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4117
https://github.com/yetiforcecompany/yetiforcecrm/commit/8dccd93442725f245b4b71986bbe6f4f48639239
https://huntr.dev/bounties/0b81e572-bdc9-4caf-aa02-81f3c7ad7c0a
https://github.com/advisories/GHSA-cxg7-84wp-8pcq

Identifiers

GHSA-cxg7-84wp-8pcq

CVE-2021-4117

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00186

EPSS Percentile: 0.41041

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories