{"id":"CVE-2022-39281","summary":"Remote Denial of Service via Tasks endpoint in fat_free_crm","details":"fat_free_crm is an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.","aliases":["GHSA-p75c-5x3h-cxcg"],"modified":"2026-04-10T04:50:20.320323Z","published":"2022-10-08T00:00:00Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-20"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39281.json"},"references":[{"type":"WEB","url":"https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.20.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39281.json"},{"type":"ADVISORY","url":"https://github.com/fatfreecrm/fat_free_crm/security/advisories/GHSA-p75c-5x3h-cxcg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39281"},{"type":"FIX","url":"https://github.com/fatfreecrm/fat_free_crm/commit/c85a2546348c2692d32f952c753f7f0b43d1ca71"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fatfreecrm/fat_free_crm","events":[{"introduced":"0"},{"fixed":"b122c5f6a6c403febaa2befd6906a883fb2405b8"}]}],"versions":["0.10.1","0.10.1-rc3","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.8","0.9.9","0.9.9a","v0.11.2","v0.11.3","v0.11.4","v0.12.0","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.15.0","v0.15.0-beta.2","v0.16.0","v0.17.0","v0.18.0","v0.19.1","v0.20.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}