CVE-2022-39281
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-39281
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39281.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-39281
- Aliases
- Published
- 2022-10-08T01:15:08Z
- Modified
- 2024-05-14T12:13:45.974143Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit
c85a254and will be available in release0.20.1. Users are advised to upgrade or to manually apply patchc85a254. There are no known workarounds for this issue. - References
Affected packages
Git / github.com/fatfreecrm/fat_free_crm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fatfreecrm/fat_free_crm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.1
0.10.1-rc1
0.10.1-rc2
0.10.1-rc3
0.12.1
0.9.0
0.9.1
0.9.10
0.9.2
0.9.3
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8a
0.9.9
0.9.9a
ubxd-0.*
ubxd-0.12.0
ubxd-0.12.1
ubxd-0.12.2
Other
ubxd-production
v0.*
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.14.0
v0.15.0
v0.15.0-beta
v0.15.0-beta.2
v0.16.0
v0.17.0
v0.18.0
v0.19.1
v0.20.0