High severityNVD Advisory· Published Feb 1, 2024· Updated May 29, 2025

CVE-2024-22859

Description

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
livewire/livewirePackagist	>= 3.0.0, < 3.0.4	3.0.4

Affected products

Livewire/Livewirecpe-rescue
ghsa-coords
pkg:composer/livewire/livewire
Range: >= 3.0.0, < 3.0.4

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-2cjh-75gp-34gcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-22859ghsaADVISORY
github.com/github/advisory-database/pull/3490ghsaWEB
github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3bghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000