SS-2015-017: CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user (e.g. spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting in a topic being moved.
References
Detect and mitigate SS-2015-017 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →