VYPR
High severityNVD Advisory· Published Aug 12, 2024· Updated Sep 18, 2024

Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

CVE-2024-42485

Description

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/{path} allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pxlrbt/filament-excelPackagist
>= 2.0.0-alpha, < 2.3.32.3.3
pxlrbt/filament-excelPackagist
< 1.1.141.1.14

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.