GHSA-3wgq-h4fr-cwg5

Source

https://github.com/advisories/GHSA-3wgq-h4fr-cwg5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-3wgq-h4fr-cwg5/GHSA-3wgq-h4fr-cwg5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3wgq-h4fr-cwg5

Published

2025-03-12T15:56:23Z

Modified

2025-03-12T16:12:09.523741Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

laravel-crud-wizard-free has File Validation Bypass

Details

Impact

Medium

Patches

Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0

Workarounds

Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1

References

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-155"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-12T15:56:23Z"
}

References

Affected packages

Packagist / macropay-solutions/laravel-crud-wizard-free

Package

Name: macropay-solutions/laravel-crud-wizard-free
Purl: pkg:composer/macropay-solutions/laravel-crud-wizard-free

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.17

Affected versions

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.1.3

2.*

2.0.0

2.0.1

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.4.10

3.4.11

3.4.12

3.4.13

3.4.14

3.4.15

3.4.16