GHSA-v8hp-239v-9367: OroCRM Forced Redirect to External Website

May 20, 2024

OroCRM is prone to open redirection which could allow attackers to redirect users to external website.

References

github.com/FriendsOfPHP/security-advisories/blob/master/oro/crm/2015-07-08.yaml
github.com/advisories/GHSA-v8hp-239v-9367
github.com/oroinc/crm
github.com/oroinc/crm/commit/f86a959dcd77af09e7a5a5930a60cf409924a2be
oroinc.com/orocrm/blog/orocrm-security-announcement

Code Behaviors & Features

Detect and mitigate GHSA-v8hp-239v-9367 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →