High severity · NVD Advisory · Published Aug 12, 2024 · Updated Sep 18, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
CVE-2024-42485
Description
Filament Excel enables Excel export for Filament admin resources. The export download route /filament-excel/{path} allowed any file to be downloaded without login when the web server allows ../ in the URL. Patched in version v2.3.3.
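A log check a defender could run to find requests matching this description, added here as an example and not taken from the advisory or the filament-excel project. The combined access-log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote

ROUTE_PREFIX = "/filament-excel/"  # export download route named in the advisory
# Request line and status of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2024:10:00:01 +0000] "GET /filament-excel/export-1.xlsx HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2024:10:00:05 +0000] "GET /filament-excel/../../constructed-file.txt HTTP/1.1" 200 311',
    '203.0.113.9 - - [12/Aug/2024:10:00:06 +0000] "GET /filament-excel/%2e%2e%2fconstructed-file.txt HTTP/1.1" 404 0',
    '203.0.113.9 - - [12/Aug/2024:10:00:07 +0000] "GET /filament-excel/%252e%252e/constructed-file.txt HTTP/1.1" 403 0',
    '203.0.113.7 - - [12/Aug/2024:10:00:08 +0000] "GET /filament-excel/report..v2.xlsx HTTP/1.1" 200 900',
    '198.51.100.4 - - [12/Aug/2024:10:00:09 +0000] "GET /admin/orders HTTP/1.1" 200 2048',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(target):
    """True if the request hits the export route and contains a '..' path segment."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    if not path.startswith(ROUTE_PREFIX):
        return False
    # Compare whole segments so a file name such as 'report..v2.xlsx' is not flagged.
    return ".." in path[len(ROUTE_PREFIX):].split("/")

def scan(lines):
    """Return (line_number, status, decoded_target) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append((number, int(match.group(2)), fully_decode(match.group(1))))
    return hits

if __name__ == "__main__":
    for number, status, target in scan(SAMPLE_LOG):
        print(f"line {number}: status {status}: {target}")
```

Flagged lines with a 200 status are the ones to review first, since the server returned content for them.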
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pxlrbt/filament-excel (Packagist) | >= 2.0.0-alpha, < 2.3.3 | 2.3.3 |
| pxlrbt/filament-excel (Packagist) | < 1.1.14 | 1.1.14 |
Affected products
- pxlrbt/filament-excel v5 Range: >= 2.0.0-alpha, < 2.3.3
References
- github.com/advisories/GHSA-m3px-vjxr-fx4m (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-42485 (ghsa; ADVISORY)
- github.com/pxlrbt/filament-excel/commit/af36f933b032aefccc87d17431b6e74673b04af5 (ghsa; WEB)
- github.com/pxlrbt/filament-excel/commit/bda42891a4b0c15d5dab5da8c53a006ddadccfb7 (ghsa; x_refsource_MISC; WEB)
- github.com/pxlrbt/filament-excel/releases/tag/v1.1.14 (ghsa; WEB)
- github.com/pxlrbt/filament-excel/security/advisories/GHSA-m3px-vjxr-fx4m (ghsa; x_refsource_CONFIRM; WEB)