FileManager Deserialization of Untrusted Data vulnerability
High severity
GitHub Reviewed
Published Nov 13, 2024 in Laravel-Backpack/FileManager • Updated Nov 18, 2024
Package
Affected versions: >= 3.0.0, < 3.0.9; < 2.0.2
Patched versions: 3.0.9; 2.0.2
Published by the National Vulnerability Database: Nov 13, 2024
Published to the GitHub Advisory Database: Nov 13, 2024
Reviewed: Nov 13, 2024
Last updated: Nov 18, 2024
Description
Impact
Deserialization of untrusted data from the mimes parameter could lead to remote code execution.
Patches
Fixed in 3.0.9
Workarounds
Not needed, a composer update will solve it in a non-breaking way.
References
Reported responsibly by Vladislav Gladkiy at Positive Technologies.
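To confirm whether a project is still locked to one of the affected versions listed in this advisory, the following added example (not code from the advisory or from the FileManager project) reads a composer.lock body and classifies the installed version. It assumes the Composer package name is backpack/filemanager and the standard composer.lock layout; the function names and sample lock files are constructed for illustration.

```python
import json
import re

# Assumption: Composer package name for the Laravel-Backpack/FileManager repository.
PACKAGE = "backpack/filemanager"

# Affected ranges as stated in the advisory: "< 2.0.2" and ">= 3.0.0, < 3.0.9".
# Each entry is (inclusive lower bound or None, exclusive upper bound).
AFFECTED = [(None, (2, 0, 2)), ((3, 0, 0), (3, 0, 9))]


def parse_version(raw):
    """Return (major, minor, patch), or None for refs such as dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True when the version tuple falls inside any affected range."""
    return any((lo is None or version >= lo) and version < hi
               for lo, hi in AFFECTED)


def check_lock(lock_text):
    """Classify a composer.lock body: affected, not affected, unknown or absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                return "unknown"  # branch or pre-release ref: inspect manually
            return "affected" if is_affected(version) else "not affected"
    return "absent"


# Constructed sample lock files (not taken from any real project).
SAMPLE_OLD = json.dumps({"packages": [{"name": PACKAGE, "version": "v3.0.8"}]})
SAMPLE_NEW = json.dumps({"packages": [{"name": PACKAGE, "version": "3.0.9"}]})

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(label, check_lock(text))
```

A result of "unknown" means the lock file pins a branch or other non-numeric reference, so the installed commit has to be compared against the fix by hand.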