GHSA-7v7w-f7c6-f829
Source: https://github.com/advisories/GHSA-7v7w-f7c6-f829
Import Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-7v7w-f7c6-f829/GHSA-7v7w-f7c6-f829.json
Aliases: CVE-2021-4111
Published: 2021-12-16T21:01:15Z
Modified: 2023-11-08T04:06:51.482569Z
Details
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-4111
https://github.com/yetiforcecompany/yetiforcecrm/commit/c1ad7111a090adfcd5898af40724907adc987acf
https://github.com/yetiforcecompany/yetiforcecrm
https://huntr.dev/bounties/8afc8981-baff-4082-b640-be535b29eb9a
Affected packages
Packagist / yetiforce/yetiforce-crm
Package
Name: yetiforce/yetiforce-crm
Affected ranges
Type: ECOSYSTEM
Events
Introduced: 0 (The exact introduced commit is unknown)
Last affected: 6.3.0
Affected versions
4.*: 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0_RC1, 4.4.0_RC2, 4.4.0_RC3, 4.4.0
5.*: 5.0.0, 5.1.0, 5.2.0, 5.3.0
6.*: 6.0.0a, 6.0.0, 6.1.0, 6.2.0, 6.3.0
GHSA-7v7w-f7c6-f829 - OSV