CVE-2022-39281
- Source
- https://cve.org/CVERecord?id=CVE-2022-39281
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39281.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-39281
- Aliases
- Published
- 2022-10-08T00:00:00Z
- Modified
- 2026-04-10T04:50:20.320323Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Remote Denial of Service via Tasks endpoint in fat_free_crm
- Details
-
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit
c85a254and will be available in release0.20.1. Users are advised to upgrade or to manually apply patchc85a254. There are no known workarounds for this issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39281.json" }- References
-
- https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.20.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39281.json
- https://github.com/fatfreecrm/fat_free_crm/security/advisories/GHSA-p75c-5x3h-cxcg
- https://nvd.nist.gov/vuln/detail/CVE-2022-39281
- https://github.com/fatfreecrm/fat_free_crm/commit/c85a2546348c2692d32f952c753f7f0b43d1ca71
Affected packages
Git / github.com/fatfreecrm/fat_free_crm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fatfreecrm/fat_free_crm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed