GSA_kwCzR0hTQS0zd2dxLWg0ZnItY3dnNc4ABFZd

Moderate CVSS: 6.9

laravel-crud-wizard-free has File Validation Bypass

Affected package: packagist:macropay-solutions/laravel-crud-wizard-free
Affected versions: < 3.4.17
Fixed versions: 3.4.17
Dependent packages: 0
Dependent repositories: 0
Downloads total: 110

Affected Version Ranges

All affected versions

1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 2.0.0, 2.0.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16

All unaffected versions

3.4.17, 3.4.18, 3.4.19, 3.4.20, 3.4.21, 3.4.22, 3.4.23, 3.4.24, 3.4.25, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6

Impact

Medium

Patches

Version 3.4.17 fixes the issue for installations using illuminate/validation v8.0.0 to 11.44.0.

Workarounds

If you are using illuminate/validation < 11.44.1, register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class.

References

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4