Advisories for Composer/Flarum/Framework package

2024

Flarum's logout Route allows open redirects

The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. Sample: example.com/logout?return=https://google.com. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. Some ecosystem extensions modifying the logout …

2023

Server-Side Request Forgery (SSRF)

Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to …

2022

Exposure of Sensitive Information to an Unauthorized Actor

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.