CVE-2022-4867

Description

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

How to fix CVE-2022-4867

To remediate CVE-2022-4867, upgrade the affected package to a fixed version below.

• Packagist/froxlor/froxlor—upgrade to 2.0.0-beta1 or later

Is CVE-2022-4867 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 2.0.0-beta0, < 2.0.0-beta1

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-4867
• PATCHgithub.com/froxlor/froxlor
• WEBgithub.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d
• WEBhuntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa