Denolfe

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.79.1 Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with `create` or `update` access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Recommendations Upgrade to version 3.79.1 or later.

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.79.1 Description A Cross-Site Request Forgery (CSRF) issue existed in the authentication process. In certain scenarios, the configured CSRF protection could be bypassed, enabling unauthorized cross-site requests. The `serverURL` configuration impacts whether a consumer is affected. Recommendations Upgrade to version 3.79.1 or later.