Package details: pkg:composer/oro/crm@4.2.0
purl pkg:composer/oro/crm@4.2.0
Next non-vulnerable version 4.2.6
Latest non-vulnerable version 5.1.1
Risk
Vulnerabilities affecting this package (2)
VCID-p5g5-3z89-63bz
Aliases: CVE-2023-32063, GHSA-897w-jv7j-6r7g
Summary: OroCRMCallBundle has incorrect call view page visibility. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks.
Fixed by:
4.2.6 (affected by 0 other vulnerabilities)
5.0.4 (affected by 0 other vulnerabilities)
5.1.1 (affected by 0 other vulnerabilities)

VCID-yuv4-cckd-tqdj
Aliases: CVE-2021-39198, GHSA-vf7h-6246-hm43
Summary: Cross-Site Request Forgery (CSRF). OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.
Fixed by:
4.2.6 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:46:25.691386+00:00 GitLab Importer Affected by VCID-p5g5-3z89-63bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/crm/CVE-2023-32063.yml 38.6.0
2026-06-02T04:40:32.701487+00:00 GitLab Importer Affected by VCID-yuv4-cckd-tqdj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/crm/CVE-2021-39198.yml 38.6.0