CVE-2024-22075: Firefly III allows webhooks HTML Injection.

January 5, 2024

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

References

github.com/advisories/GHSA-vwv2-9wcj-64vx
github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
nvd.nist.gov/vuln/detail/CVE-2024-22075

Detect and mitigate CVE-2024-22075 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →