CVE-2021-39198

Cross-Site Request Forgery (CSRF) in packagist/oro/crm

Identifiers

CVE-2021-39198, GHSA-vf7h-6246-hm43

Package Slug

packagist/oro/crm

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.

Affected Versions

All versions starting from 3.1.0 up to 3.1.24, all versions starting from 4.1.0 up to 4.1.15, all versions starting from 4.2.0 up to 4.2.5

Solution

Upgrade to versions 4.0.0, 4.2.6 or above.

Last Modified

2021-11-24
