GHSA-v69f-5jxm-hwvv

Опубликовано: 05 мар. 2025

Источник: github

Github: Прошло ревью

CVSS4: 9.3

Описание

Volt Allows RCE Via User-Crafted Requests

Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components.

Ссылки

https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv
https://nvd.nist.gov/vuln/detail/CVE-2025-27517

Пакеты

Наименование

livewire/volt

composer

Затронутые версииВерсия исправления

< 1.7.0

1.7.0

EPSS

Процентиль: 74%

0.00824

Низкий

9.3 Critical

CVSS4

CVE ID

CVE-2025-27517

Дефекты

CWE-20

Связанные уязвимости

CVE-2025-27517

nvd

11 месяцев назад

Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0.

EPSS

Процентиль: 74%

0.00824

Низкий

9.3 Critical

CVSS4

CVE ID

CVE-2025-27517

Дефекты

CWE-20