GHSA-jjcx-999m-35hc

Source

https://github.com/advisories/GHSA-jjcx-999m-35hc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-jjcx-999m-35hc/GHSA-jjcx-999m-35hc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jjcx-999m-35hc

Aliases

CVE-2019-14671

Published

2021-09-08T17:27:07Z

Modified

2023-11-08T04:01:10.645949Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Improper Input Validation in Firefly III

Details

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

Database specific

{
    "nvd_published_at": "2019-08-05T20:15:00Z",
    "github_reviewed_at": "2021-07-22T21:50:38Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Packagist / grumpydictator/firefly-iii

Package

Name: grumpydictator/firefly-iii
Purl: pkg:composer/grumpydictator/firefly-iii

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.17.4

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.4

3.4.0.1

3.4.0.2

3.4.0.3

3.4.0.4

3.4.0.5

3.4.0.6

3.4.0.7

3.4.0.8

3.4.0.9

3.4.0.10

3.4.1

3.4.2

3.4.3

3.4.4

3.4.4.1

3.4.4.2

3.4.5

3.4.6

3.4.6.1

3.4.7

3.4.8

3.4.9

3.4.10

3.4.11

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.6.1

3.6.0

3.6.1

3.7.0

3.7.1

3.7.2

3.7.2.1

3.7.2.2

3.7.2.3

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

3.9.0

3.9.1

3.10

3.10.1

3.10.2

3.10.3

3.10.4

4.*

4.0.0

4.0.1

4.0.2

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.6.0

4.6.1

4.6.2

4.6.3

4.6.3.1

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.9

4.6.10

4.6.11

4.6.11.1

4.6.12

4.6.13

4.7.0

4.7.1

4.7.1.1

4.7.1.2

4.7.1.3

4.7.1.4

4.7.2

4.7.2.1

4.7.2.2

4.7.3

4.7.3.1

4.7.3.2

4.7.4

4.7.5

4.7.5.1

4.7.5.2

4.7.5.3

4.7.6

4.7.6.1

4.7.6.2

4.7.7

4.7.8

4.7.9

4.7.10

4.7.11

4.7.12

4.7.12.1

4.7.13

4.7.14

4.7.15

4.7.16

4.7.17

4.7.17.1

4.7.17.2

4.7.17.3

Database specific

{
    "last_known_affected_version_range": "<= 4.7.17.3"
}