firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

🗓️ 25 Aug 2021 14:17:50Reported by GitHub Advisory DatabaseType

firefly-iii CSRF vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Huntr	Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii	20 Aug 202107:06	–	huntr
CNVD	firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2021-101213)	25 Aug 202100:00	–	cnvd
Cvelist	CVE-2021-3728 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii	23 Aug 202112:41	–	cvelist
Prion	Cross site request forgery (csrf)	23 Aug 202113:15	–	prion
OSV	CVE-2021-3728	23 Aug 202113:15	–	osv
OSV	GHSA-XP5Q-77MH-6HM2 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)	25 Aug 202114:50	–	osv
Veracode	Cross-Site Request Forgery (CSRF)	24 Aug 202107:13	–	veracode
CVE	CVE-2021-3728	23 Aug 202113:15	–	cve
NVD	CVE-2021-3728	23 Aug 202113:15	–	nvd

Vulners

Node

grumpydictator firefly-iiiRange<5.6.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-3728
github	www.github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
huntr	www.huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
github	www.github.com/advisories/GHSA-xp5q-77mh-6hm2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Aug 2021 14:50Current

6.3Medium risk

Vulners AI Score6.3

CVSS24.3

CVSS36.5

EPSS0.00111

CWE-352