CVE-2024-47823 (GCVE-0-2024-47823)
Vulnerability from cvelistv5 – Published: 2024-10-08 17:48 – Updated: 2025-07-17 18:22
VLAI?
Summary
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "livewire",
"vendor": "laravel",
"versions": [
{
"lessThan": "3.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47823",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:28:08.506159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:35:08.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livewire",
"vendor": "livewire",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0-beta.1, \u003c 3.5.2"
},
{
"status": "affected",
"version": "\u003c 2.12.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a \u201c.php\u201d file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file-\u003egetClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute \u201c.php\u201d files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T18:22:08.024Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp"
},
{
"name": "https://github.com/livewire/livewire/pull/8624",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livewire/livewire/pull/8624"
},
{
"name": "https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5"
},
{
"name": "https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9"
}
],
"source": {
"advisory": "GHSA-f3cx-396f-7jqp",
"discovery": "UNKNOWN"
},
"title": "Livewire Remote Code Execution (RCE) on File Uploads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47823",
"datePublished": "2024-10-08T17:48:36.496Z",
"dateReserved": "2024-10-03T14:06:12.640Z",
"dateUpdated": "2025-07-17T18:22:08.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a \\u201c.php\\u201d file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file-\u003egetClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute \\u201c.php\\u201d files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Livewire es un framework full-stack para Laravel que permite componentes de UI din\\u00e1micos sin salir de PHP. En livewire/livewire `\u0026lt; v3.5.2`, la extensi\\u00f3n de archivo de un archivo cargado se adivina en funci\\u00f3n del tipo MIME. Como resultado, la extensi\\u00f3n de archivo real del nombre de archivo no se valida. Por lo tanto, un atacante puede eludir la validaci\\u00f3n cargando un archivo con un tipo MIME v\\u00e1lido (por ejemplo, `image/png`) y una extensi\\u00f3n de archivo \\u201c.php\\u201d. Si se cumplen los siguientes criterios, el atacante puede llevar a cabo un ataque RCE: 1. El nombre de archivo est\\u00e1 compuesto por el nombre de archivo original utilizando `$file-\u0026gt;getClientOriginalName()`. 2. Archivos almacenados directamente en su servidor en un disco de almacenamiento p\\u00fablico. 3. El servidor web est\\u00e1 configurado para ejecutar archivos \\u201c.php\\u201d. Este problema se ha solucionado en la versi\\u00f3n de lanzamiento 3.5.2. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad.\"}]",
"id": "CVE-2024-47823",
"lastModified": "2024-10-10T12:56:30.817",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
"published": "2024-10-08T18:15:31.370",
"references": "[{\"url\": \"https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/livewire/livewire/pull/8624\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp\", \"source\": \"security-advisories@github.com\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47823\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-10-08T18:15:31.370\",\"lastModified\":\"2025-03-06T18:06:52.687\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a \u201c.php\u201d file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file-\u003egetClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute \u201c.php\u201d files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Livewire es un framework full-stack para Laravel que permite componentes de UI din\u00e1micos sin salir de PHP. En livewire/livewire `\u0026lt; v3.5.2`, la extensi\u00f3n de archivo de un archivo cargado se adivina en funci\u00f3n del tipo MIME. Como resultado, la extensi\u00f3n de archivo real del nombre de archivo no se valida. Por lo tanto, un atacante puede eludir la validaci\u00f3n cargando un archivo con un tipo MIME v\u00e1lido (por ejemplo, `image/png`) y una extensi\u00f3n de archivo \u201c.php\u201d. Si se cumplen los siguientes criterios, el atacante puede llevar a cabo un ataque RCE: 1. El nombre de archivo est\u00e1 compuesto por el nombre de archivo original utilizando `$file-\u0026gt;getClientOriginalName()`. 2. Archivos almacenados directamente en su servidor en un disco de almacenamiento p\u00fablico. 3. El servidor web est\u00e1 configurado para ejecutar archivos \u201c.php\u201d. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 3.5.2. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:laravel:livewire:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.7\",\"matchCriteriaId\":\"B6446531-ADA1-4E07-927F-1AB6E0169262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:laravel:livewire:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.5.2\",\"matchCriteriaId\":\"8834EF93-2302-41B4-A5D2-2918D4740BB3\"}]}]}],\"references\":[{\"url\":\"https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/livewire/livewire/pull/8624\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Issue Tracking\"]},{\"url\":\"https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47823\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-08T18:28:08.506159Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*\"], \"vendor\": \"laravel\", \"product\": \"livewire\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.5.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-08T18:33:17.239Z\"}}], \"cna\": {\"title\": \"Livewire Remote Code Execution (RCE) on File Uploads\", \"source\": {\"advisory\": \"GHSA-f3cx-396f-7jqp\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"livewire\", \"product\": \"livewire\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.0.0-beta.1, \u003c 3.5.2\"}, {\"status\": \"affected\", \"version\": \"\u003c 2.12.7\"}]}], \"references\": [{\"url\": \"https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp\", \"name\": \"https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/livewire/livewire/pull/8624\", \"name\": \"https://github.com/livewire/livewire/pull/8624\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5\", \"name\": \"https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9\", \"name\": \"https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a \\u201c.php\\u201d file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file-\u003egetClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute \\u201c.php\\u201d files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-17T18:22:08.024Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47823\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-17T18:22:08.024Z\", \"dateReserved\": \"2024-10-03T14:06:12.640Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-08T17:48:36.496Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…