Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-wcjg-sccj-zugf
Vulnerability ID VCID-wcjg-sccj-zugf
Aliases CVE-2021-4130
GHSA-4w23-c97g-fq5v
Summary snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2021-4130
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2021-4130
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2021-4130
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4w23-c97g-fq5v
cvssv3.1 8.8 https://github.com/snipe/snipe-it
generic_textual HIGH https://github.com/snipe/snipe-it
cvssv3.1 8.8 https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
generic_textual HIGH https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
cvssv3.1 8.8 https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
generic_textual HIGH https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4130
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-4130
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-4130
https://github.com/snipe/snipe-it
https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
CVE-2021-4130 https://nvd.nist.gov/vuln/detail/CVE-2021-4130
GHSA-4w23-c97g-fq5v https://github.com/advisories/GHSA-4w23-c97g-fq5v
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/snipe/snipe-it
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4130
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.36413
EPSS Score 0.00158
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:27:24.326127+00:00 GHSA Importer Import https://github.com/advisories/GHSA-4w23-c97g-fq5v 38.6.0