Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/oro/crm@3.1.0

Type composer

Namespace oro

Name crm

Version 3.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.0

Latest_non_vulnerable_version 5.1.1

Affected_by_vulnerabilities

url VCID-yuv4-cckd-tqdj

vulnerability_id VCID-yuv4-cckd-tqdj

summary

Cross-Site Request Forgery (CSRF)
OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39198

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28316
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39198

reference_url

https://github.com/oroinc/crm

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/oroinc/crm

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39198

reference_id

CVE-2021-39198

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39198

reference_url

https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43

reference_id

GHSA-vf7h-6246-hm43

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43

fixed_packages

url	pkg:composer/oro/crm@4.0.0
purl	pkg:composer/oro/crm@4.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.0.0

url	pkg:composer/oro/crm@4.1.17
purl	pkg:composer/oro/crm@4.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.1.17

url	pkg:composer/oro/crm@4.2.6
purl	pkg:composer/oro/crm@4.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.6

url	pkg:composer/oro/crm@4.2.7
purl	pkg:composer/oro/crm@4.2.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.7

aliases CVE-2021-39198, GHSA-vf7h-6246-hm43

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuv4-cckd-tqdj

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@3.1.0

Package Instance