CVE-2022-39281

Published: Oct 8, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.

Affected (1)

Products: Fatfreecrm: Fatfreecrm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fatfreecrm Fatfreecrm	Before 0.20.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/fatfreecrm/fat_free_crm/commit/c85a2546348c2692d32f952c753f7f0b43d1ca71

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.20.1

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/fatfreecrm/fat_free_crm/security/advisories/GHSA-p75c-5x3h-cxcg

Source: security-advisories@github.com

Third Party Advisory

https://github.com/fatfreecrm/fat_free_crm/commit/c85a2546348c2692d32f952c753f7f0b43d1ca71

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.20.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/fatfreecrm/fat_free_crm/security/advisories/GHSA-p75c-5x3h-cxcg

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.