CVE-2022-0269: Cross-Site Request Forgery (CSRF)

January 27, 2022 (updated January 31, 2022)

Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.

References

github.com/advisories/GHSA-7g7r-gr46-q4p5
github.com/yetiforcecompany/yetiforcecrm/commit/298c7870e6fe4332d8aa1757a9c8d79f841389ff
huntr.dev/bounties/a0470915-f6df-45b8-b3a2-01aebe764df0
nvd.nist.gov/vuln/detail/CVE-2022-0269

Detect and mitigate CVE-2022-0269 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →