grumpydictator/firefly-iii Security Advisories for 5.4.4 (18)
-
[MEDIUM] Firefly III has a MFA bypass in oauth flow
PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w
Affected version: <6.1.17
Reported by:
GitHub -
[MEDIUM] C5 Firefly III CSV Injection.
PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc
Affected version: <6.1.7
Reported by:
GitHub -
[MEDIUM] Firefly III allows webhooks HTML Injection.
PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx
Affected version: <6.1.1
Reported by:
GitHub -
[MEDIUM] Firefly III insufficiently expires sessions
PKSA-4drh-3csm-4jht CVE-2023-1788 GHSA-h7vv-46p5-prmh
Affected version: <6.0.0
Reported by:
GitHub -
[MEDIUM] Firefly III vulnerable to improper input validation
PKSA-sjcj-wgwv-vm5s CVE-2023-1789 GHSA-mwxw-hxvp-4r2r
Affected version: <6.0.0
Reported by:
GitHub -
[MEDIUM] Improper Authorization in grumpydictator/firefly-iii
PKSA-drh1-yzxm-scym CVE-2023-0298 GHSA-7mc4-jp4f-v2j2
Affected version: <5.8.0
Reported by:
GitHub -
[HIGH] Unrestricted File Upload vulnerability in Firefly III
PKSA-w74y-9dvc-xm52 CVE-2021-3846 GHSA-5gq7-826w-8282
Affected version: <5.6.2
Reported by:
GitHub -
[MEDIUM] Cross Site Request Forgery in firefly-iii
PKSA-j7wb-ghhk-vhmf CVE-2021-4005 GHSA-hjhp-hwfj-hwf3
Affected version: <5.6.5
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-qyrk-bshg-tx6v CVE-2021-4015 GHSA-g6vq-wc8w-4g69
Affected version: <5.6.5
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-nrhm-c7xq-fhhn CVE-2021-3921 GHSA-q2cv-94xm-qvg4
Affected version: <5.6.3
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in firefly-iii
PKSA-xyvr-vw9x-99jx CVE-2021-3900 GHSA-pfj7-w373-gqch
Affected version: <=5.6.2
Reported by:
GitHub -
[LOW] Cross-Site Request Forgery in firefly-iii
PKSA-4xxh-kddp-ggvd CVE-2021-3901 GHSA-rqgp-ccph-5w65
Affected version: <=5.6.2
Reported by:
GitHub -
[MEDIUM] Open Redirect in firefly-iii
PKSA-xth5-bkjy-jks2 CVE-2021-3851 GHSA-5fvx-5p2r-4mvp
Affected version: <5.6.2
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in firefly-iii
PKSA-7gw2-ck6c-56ry CVE-2021-3819 GHSA-356r-77q8-f64f
Affected version: <5.6.1
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-kkxm-4vhh-v3rz CVE-2021-3728 GHSA-xp5q-77mh-6hm2
Affected version: <5.6.0
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-kydm-j49j-gwdm CVE-2021-3730 GHSA-c676-mcw3-qg55
Affected version: <5.6.0
Reported by:
GitHub -
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-9jqz-6fy2-4xsk CVE-2021-3729 GHSA-gp6w-ccqv-p7qr
Affected version: <5.6.0
Reported by:
GitHub -
[MEDIUM] No Restriction of Excessive Authentication Attempts in Firefly III
PKSA-pjpb-nz4z-5w2t CVE-2021-3663 GHSA-56cx-wf47-hx7w
Affected version: <5.5.13
Reported by:
GitHub