CVE-2021-39198, GHSA-vf7h-6246-hm43
packagist/oro/crm
Cross-Site Request Forgery (CSRF)
OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.
All versions starting from 3.1.0 up to 3.1.24, all versions starting from 4.1.0 up to 4.1.15, all versions starting from 4.2.0 up to 4.2.5
Upgrade to versions 4.0.0, 4.2.6 or above.
2021-11-24