{"id":"PYSEC-2019-174","details":"Multiple cross-site request forgery (CSRF) issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.","aliases":["CVE-2019-11457","GHSA-pg2f-r7pc-6fxx"],"modified":"2023-11-01T04:50:16.167198Z","published":"2019-08-27T15:15:00Z","references":[{"type":"ARTICLE","url":"https://www.netsparker.com/blog/web-security/"},{"type":"WEB","url":"http://packetstormsecurity.com/files/154219/Django-CRM-0.2.1-Cross-Site-Request-Forgery.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Aug/30"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-pg2f-r7pc-6fxx"}],"affected":[{"package":{"name":"django-crm","ecosystem":"PyPI","purl":"pkg:pypi/django-crm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.2.1"}]}],"versions":["0.2.1","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/django-crm/PYSEC-2019-174.yaml"}}],"schema_version":"1.7.3"}