CVE-2021-39198: Cross-Site Request Forgery (CSRF)

November 19, 2021 (updated November 23, 2021)

OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.

References

github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43
nvd.nist.gov/vuln/detail/CVE-2021-39198

Detect and mitigate CVE-2021-39198 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →