{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "504d6f0ebd5847169d73c52d312e91916a7280bb" } ], "repo": "https://github.com/salesagility/suitecrm", "type": "GIT" } ] }, { "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.0.0" }, { "fixed": "8.6.1" } ] }, "events": [ { "introduced": "55c1ee9cbdf409ed41c04da0bbf442b311a3ab57" }, { "fixed": "f483bec4cffb267840725af5c022a7e8f2599934" } ], "repo": "https://github.com/salesagility/suitecrm-core", "type": "GIT" } ] } ], "aliases": [ "GHSA-hcw8-p37h-8hrv" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-601" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36406.json" }, "details": "SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.", "id": "CVE-2024-36406", "modified": "2026-03-13T21:47:53.983682250Z", "published": "2024-06-10T15:06:22.355Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36406.json" }, { "type": "ADVISORY", "url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36406" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "type": "CVSS_V3" } ], "summary": "SuiteCRM vulnerable to open redirects" }