grumpydictator/firefly-iii Security Advisories for v6.0.23 (3)
-
[MEDIUM] Firefly III has a MFA bypass in oauth flow
PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w
Affected version: <6.1.17
Reported by:
GitHub -
[MEDIUM] C5 Firefly III CSV Injection.
PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc
Affected version: <6.1.7
Reported by:
GitHub -
[MEDIUM] Firefly III allows webhooks HTML Injection.
PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx
Affected version: <6.1.1
Reported by:
GitHub