CVE-2021-3931

Description

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF).

How to fix CVE-2021-3931

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Packagist/snipe/snipe-it—no fix listed

Is CVE-2021-3931 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 5.3.1

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-3931
• PATCHgithub.com/snipe/snipe-it
• WEBgithub.com/snipe/snipe-it/commit/0d811d067c8e064252c0143c39d6cd4c3133679e
• WEBhuntr.dev/bounties/03b21d69-3bf5-4b2f-a2cf-872dd677a68f