GHSA-gr23-g276-xc73
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gr23-g276-xc73
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-gr23-g276-xc73/GHSA-gr23-g276-xc73.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gr23-g276-xc73
- Aliases
-
- CVE-2021-22954
- Published
- 2022-02-11T00:00:58Z
- Modified
- 2024-12-05T05:39:01.699394Z
- Summary
- Cross Site Request Forgery in concrete5/concrete5
- Details
-
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.
- Database specific
{ "nvd_published_at": "2022-02-09T23:15:00Z", "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-02-16T22:54:59Z" }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.0
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4