Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/sensiolabs/connect@4.2.3
purl pkg:composer/sensiolabs/connect@4.2.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6u6t-xk9j-p3fe sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Versions of sensiolabs/connect prior to 4.2.3 are affected by a Cross-Site Request Forgery (CSRF) vulnerability due to the absence of the state parameter in OAuth requests. The lack of proper state parameter handling exposes applications to CSRF attacks during the OAuth authentication flow. GHSA-6wqp-7g94-f69j
VCID-mppn-8h8q-huet Cross-Site Request Forgery (CSRF) Missing state parameter in OAuth requests leading to CSRF vulnerability. GMS-2018-76

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T16:51:33.759027+00:00 GithubOSV Importer Fixing VCID-6u6t-xk9j-p3fe https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-6wqp-7g94-f69j/GHSA-6wqp-7g94-f69j.json 38.6.0
2026-06-04T16:21:45.136532+00:00 GitLab Importer Fixing VCID-6u6t-xk9j-p3fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sensiolabs/connect/GHSA-6wqp-7g94-f69j.yml 38.6.0
2026-06-02T04:36:55.180469+00:00 GitLab Importer Fixing VCID-mppn-8h8q-huet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sensiolabs/connect/GMS-2018-76.yml 38.6.0