CVE-2021-4005: Cross-Site Request Forgery (CSRF)

December 4, 2021 (updated December 6, 2021)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

References

github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
nvd.nist.gov/vuln/detail/CVE-2021-4005

Code Behaviors & Features

Detect and mitigate CVE-2021-4005 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →