GHSA-3wgq-h4fr-cwg5

Опубликовано: 12 мар. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.9

Описание

laravel-crud-wizard-free has File Validation Bypass

Impact

Medium

Patches

Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0

Workarounds

Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1

References

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

Ссылки

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
https://github.com/macropay-solutions/laravel-crud-wizard-free/security/advisories/GHSA-3wgq-h4fr-cwg5
https://nvd.nist.gov/vuln/detail/CVE-2025-27515
https://github.com/macropay-solutions/laravel-crud-wizard-free/commit/5c268cc930ec23a2e6761878cc57c6bd1d1889d2

Пакеты

Наименование

macropay-solutions/laravel-crud-wizard-free

composer

Затронутые версииВерсия исправления

< 3.4.17

3.4.17

6.9 Medium

CVSS4

Дефекты

CWE-155

6.9 Medium

CVSS4

Дефекты

CWE-155