Security Advisories - grumpydictator/firefly-iii - Packagist

grumpydictator/firefly-iii Security Advisories for v6.0.23 (3)

[MEDIUM] Firefly III has a MFA bypass in oauth flow

PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w

Affected version: <6.1.17

Reported by:
GitHub
[MEDIUM] C5 Firefly III CSV Injection.

PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc

Affected version: <6.1.7

Reported by:
GitHub
[MEDIUM] Firefly III allows webhooks HTML Injection.

PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx

Affected version: <6.1.1

Reported by:
GitHub