<p>Upgrade <code>flarum/core</code> to version 0.1.0-beta.9 or higher.</p>

Cross Site Request Forgery (CSRF) Affecting flarum/core package, versions <0.1.0-beta.9

Snyk CVSS

Attack Complexity High

Scope Changed

Confidentiality High

Threat Intelligence

EPSS 0.27% (68^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-FLARUMCORE-451555
published 8 Jul 2019
disclosed 5 Jul 2019
credit CuPcakeN1njA

Report a new vulnerability Found a mistake?

Introduced: 5 Jul 2019

CVE-2019-13183 Open this link in a new tab CWE-352 Open this link in a new tab

How to fix?

Upgrade flarum/core to version 0.1.0-beta.9 or higher.

Overview

flarum/core is a simple discussion platform for your website.

Affected versions of this package are vulnerable to Cross Site Request Forgery (CSRF). The package allows CSRF against all POST endpoints by changing admin settings.

References

GitHub Advisory
GitHub ChangeLog
Release Notes