{"id":"GHSA-hq4r-47qc-3jhc","summary":"MicroPyramid Django-CRM CSRF","details":"MicroPyramid Django-CRM 0.2 allows CSRF for `/users/create/`, `/users/##/edit/`, and `/accounts/##/delete/` URIs.","aliases":["CVE-2018-16552","PYSEC-2018-65"],"modified":"2024-09-16T21:31:13.289291Z","published":"2022-05-13T01:11:25Z","database_specific":{"cwe_ids":["CWE-352"],"nvd_published_at":"2018-09-05T22:29:00Z","github_reviewed":true,"severity":"HIGH","github_reviewed_at":"2023-07-20T18:58:58Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16552"},{"type":"WEB","url":"https://github.com/MicroPyramid/Django-CRM/issues/68"},{"type":"PACKAGE","url":"https://github.com/MicroPyramid/Django-CRM"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/django-crm/PYSEC-2018-65.yaml"}],"affected":[{"package":{"name":"django-crm","ecosystem":"PyPI","purl":"pkg:pypi/django-crm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.2"}]}],"versions":["0.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hq4r-47qc-3jhc/GHSA-hq4r-47qc-3jhc.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}