GHSA-pfj7-w373-gqch

GitHub Security Advisory

Cross-Site Request Forgery in firefly-iii

✓ GitHub Reviewed MODERATE Has CVE

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF).

Packagist grumpydictator/firefly-iii

Affected versions: 0 (last affected: 5.6.2)

CVE-2021-3900

GHSA ID

GHSA-pfj7-w373-gqch

Published

October 28, 2021 11:14 PM

Last Modified

October 29, 2021 1:49 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

grumpydictator/firefly-iii

GitHub Reviewed

✓ Yes

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.