Moderate severity · NVD Advisory · Published Sep 17, 2024 · Updated Mar 18, 2025
CVE-2024-47049
Description
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| czim/file-handling (Packagist) | < 1.5.0 | 1.5.0 |
| czim/file-handling (Packagist) | >= 2.0.0, < 2.3.0 | 2.3.0 |
References
- github.com/advisories/GHSA-6rgh-r6j3-3223 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-47049 (ghsa, ADVISORY)
- github.com/czim/file-handling/blob/2.3.0/SECURITY.md (ghsa, WEB)
- github.com/czim/file-handling/commit/95dfda850536bf35e684619598b9d02f4c97680d (ghsa, WEB)
- github.com/czim/file-handling/commit/dcf879896efe3457f51af9c8eab9f70dfc709a99 (ghsa, WEB)