GHSA-ppq7-88c7-q879

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-ppq7-88c7-q879/GHSA-ppq7-88c7-q879.json
Aliases
  • CVE-2021-25976
Published
2021-11-17T23:42:40Z
Modified
2023-01-31T02:41:43.882041Z
Details

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

References

Affected packages

NuGet / Piranha

Piranha

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0-alpha1
Fixed
10.0-alpha1

Affected versions

4.*

4.0.0
4.0.0-alpha1
4.0.0-alpha3
4.0.0-alpha4
4.0.0-alpha5
4.0.0-alpha6
4.0.0-alpha7
4.0.0-alpha7-1
4.0.0-alpha8
4.0.0-alpha9
4.0.0-beta1
4.0.0-rc1
4.1.0
4.1.0-alpha1
4.1.0-beta1
4.1.0-beta2
4.1.1
4.2.0
4.2.0-alpha1
4.2.0-alpha2
4.2.0-beta1
4.2.1
4.3.0
4.3.0-beta1

5.*

5.0.0
5.0.0-alpha1
5.0.0-beta1
5.1.0
5.1.0-alpha1
5.1.0-alpha2
5.1.0-beta1
5.1.1
5.1.2
5.2.0
5.2.0-beta1
5.2.0-beta2
5.2.1
5.3.0
5.3.0-beta1
5.3.1
5.4.0

6.*

6.0.0
6.0.1
6.1.0

7.*

7.0.0
7.0.0-alpha1
7.0.0-alpha2
7.0.0-alpha3
7.0.0-beta1
7.0.0-rc1
7.0.1
7.0.2
7.0.3
7.1.0

8.*

8.0.0
8.0.1
8.0.2
8.1.0
8.2.0
8.3.0
8.4.0
8.4.1
8.4.2

9.*

9.0.0
9.0.0-beta1
9.0.0-rc1
9.0.0-rc2
9.0.1
9.1.0
9.1.0-alpha1
9.1.0-alpha2
9.1.0-beta1
9.1.1
9.2.0

Database specific

{
    "last_known_affected_version_range": "<= 9.2.0"
}