Medium severity4.2NVD Advisory· Published Nov 19, 2021· Updated Jun 17, 2026
CVE-2021-39198
CVE-2021-39198
Description
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
oro/crmPackagist | >= 3.1.0, < 4.1.17 | 4.1.17 |
oro/crmPackagist | >= 4.2.0, < 4.2.7 | 4.2.7 |
Affected products
2- oroinc/crmv5Range: >=4.2.0, < 4.2.7
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-vf7h-6246-hm43ghsaADVISORY
- github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-39198ghsaADVISORY
News mentions
0No linked articles in our index yet.