Описание
fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be available in release 0.20.1. Users are advised to upgrade or to manually apply patch c85a254. There are no known workarounds for this issue.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.20.1 (исключая)
cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
EPSS
Процентиль: 67%
0.00545
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
EPSS
Процентиль: 67%
0.00545
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo