CVE-2024-41811 Information

Description

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is under certain circumstances susceptible to cross site request forgery. (CSRF). All affected products in any version will be unaffected by this once icinga-php-library is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the icinga-php-library v0.14.1 release.

Reference

https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e