grumpydictator/firefly-iii Security Advisories for 5.6.4 (8)
-
[MEDIUM] Firefly III has a MFA bypass in oauth flow
PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w
Affected version: <6.1.17
Reported by:
GitHub -
[MEDIUM] C5 Firefly III CSV Injection.
PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc
Affected version: <6.1.7
Reported by:
GitHub -
[MEDIUM] Firefly III allows webhooks HTML Injection.
PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx
Affected version: <6.1.1
Reported by:
GitHub -
[MEDIUM] Firefly III insufficiently expires sessions
PKSA-4drh-3csm-4jht CVE-2023-1788 GHSA-h7vv-46p5-prmh
Affected version: <6.0.0
Reported by:
GitHub -
[MEDIUM] Firefly III vulnerable to improper input validation
PKSA-sjcj-wgwv-vm5s CVE-2023-1789 GHSA-mwxw-hxvp-4r2r
Affected version: <6.0.0
Reported by:
GitHub -
[MEDIUM] Improper Authorization in grumpydictator/firefly-iii
PKSA-drh1-yzxm-scym CVE-2023-0298 GHSA-7mc4-jp4f-v2j2
Affected version: <5.8.0
Reported by:
GitHub -
[MEDIUM] Cross Site Request Forgery in firefly-iii
PKSA-j7wb-ghhk-vhmf CVE-2021-4005 GHSA-hjhp-hwfj-hwf3
Affected version: <5.6.5
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-qyrk-bshg-tx6v CVE-2021-4015 GHSA-g6vq-wc8w-4g69
Affected version: <5.6.5
Reported by:
GitHub