CVE-2022-3017

Description

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.

How to fix CVE-2022-3017

To remediate CVE-2022-3017, upgrade the affected package to a fixed version below.

• Packagist/froxlor/froxlor—upgrade to 0.10.38 or later

Is CVE-2022-3017 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.10.38

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-3017
• PATCHgithub.com/Froxlor/Froxlor
• WEBgithub.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
• WEBhuntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0