[MEDIUM] Firefly III has a MFA bypass in oauth flow

PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w

Affected version: <6.1.17

Reported by:
GitHub

[MEDIUM] C5 Firefly III CSV Injection.

PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc

Affected version: <6.1.7

Reported by:
GitHub