CVE-2019-11457

Name of the Vulnerable Software and Affected Versions Django CRM version 0.2.1

Description The issue affects the Django CRM, where multiple CSRF problems exist. These issues are found in various API endpoints, including "/change-password-by-admin/", "/api/settings/add/", "/cases/create/", "/comment/add/", "/documents/1/view/", "/documents/create/", "/opportunities/create/", and "/login/".

Recommendations For Django CRM version 0.2.1, as a temporary workaround, consider disabling the affected API endpoints until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. Avoid using these endpoints in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.