[MEDIUM] The disqualify lead action may be executed without CSRF token check

PKSA-q9vg-cpjn-sk23 CVE-2021-39198 GHSA-vf7h-6246-hm43

Affected version: >=4.2.0,<4.2.7|>=3.1.0,<4.1.17

Reported by:
GitHub

Forced Redirect to External Website

PKSA-jy46-265j-7f31

Affected version: >=1.7.0,<1.7.4

Reported by:
FriendsOfPHP/security-advisories