Security Advisories - grumpydictator/firefly-iii

grumpydictator/firefly-iii Security Advisories for 5.6.1 (13)

[MEDIUM] Firefly III has a MFA bypass in oauth flow

PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w

Affected version: <6.1.17

Reported by:
GitHub
[MEDIUM] C5 Firefly III CSV Injection.

PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc

Affected version: <6.1.7

Reported by:
GitHub
[MEDIUM] Firefly III allows webhooks HTML Injection.

PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx

Affected version: <6.1.1

Reported by:
GitHub
[MEDIUM] Firefly III insufficiently expires sessions

PKSA-4drh-3csm-4jht CVE-2023-1788 GHSA-h7vv-46p5-prmh

Affected version: <6.0.0

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to improper input validation

PKSA-sjcj-wgwv-vm5s CVE-2023-1789 GHSA-mwxw-hxvp-4r2r

Affected version: <6.0.0

Reported by:
GitHub
[MEDIUM] Improper Authorization in grumpydictator/firefly-iii

PKSA-drh1-yzxm-scym CVE-2023-0298 GHSA-7mc4-jp4f-v2j2

Affected version: <5.8.0

Reported by:
GitHub
[HIGH] Unrestricted File Upload vulnerability in Firefly III

PKSA-w74y-9dvc-xm52 CVE-2021-3846 GHSA-5gq7-826w-8282

Affected version: <5.6.2

Reported by:
GitHub
[MEDIUM] Cross Site Request Forgery in firefly-iii

PKSA-j7wb-ghhk-vhmf CVE-2021-4005 GHSA-hjhp-hwfj-hwf3

Affected version: <5.6.5

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-qyrk-bshg-tx6v CVE-2021-4015 GHSA-g6vq-wc8w-4g69

Affected version: <5.6.5

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-nrhm-c7xq-fhhn CVE-2021-3921 GHSA-q2cv-94xm-qvg4

Affected version: <5.6.3

Reported by:
GitHub
[MEDIUM] Cross-Site Request Forgery in firefly-iii

PKSA-xyvr-vw9x-99jx CVE-2021-3900 GHSA-pfj7-w373-gqch

Affected version: <=5.6.2

Reported by:
GitHub
[LOW] Cross-Site Request Forgery in firefly-iii

PKSA-4xxh-kddp-ggvd CVE-2021-3901 GHSA-rqgp-ccph-5w65

Affected version: <=5.6.2

Reported by:
GitHub
[MEDIUM] Open Redirect in firefly-iii

PKSA-xth5-bkjy-jks2 CVE-2021-3851 GHSA-5fvx-5p2r-4mvp

Affected version: <5.6.2

Reported by:
GitHub

grumpydictator/firefly-iii Security Advisories for 5.6.1 (13)

[MEDIUM] Firefly III has a MFA bypass in oauth flow

[MEDIUM] C5 Firefly III CSV Injection.

[MEDIUM] Firefly III allows webhooks HTML Injection.

[MEDIUM] Firefly III insufficiently expires sessions

[MEDIUM] Firefly III vulnerable to improper input validation

[MEDIUM] Improper Authorization in grumpydictator/firefly-iii

[HIGH] Unrestricted File Upload vulnerability in Firefly III

[MEDIUM] Cross Site Request Forgery in firefly-iii

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] Cross-Site Request Forgery in firefly-iii

[LOW] Cross-Site Request Forgery in firefly-iii

[MEDIUM] Open Redirect in firefly-iii