Livewire Security Update Advisory (CVE-2024-47823)

Oct 11 2024

Overview

An update has been released to address vulnerabilities in Livewire. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-47823

Livewire versions: ~ 2.12.7 (excluded)
Livewire versions: ~ 3.5.2 (excluded)

Resolved Vulnerabilities

The extension of a loaded file is guessed based on its MIME type, which could allow an attacker to conduct a remote code execution (RCE) attack by uploading a “.php” file with a valid MIME type (CVE-2024-47823)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-47823

Livewire version: 2.12.7
Livewire version: 3.5.2

References

[1] CVE-2024-47823 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47823

[2] Livewire Remote Code Execution on File Uploads

https://github.com/advisories/GHSA-f3cx-396f-7jqp

Livewire Security Update Advisory (CVE-2024-47823)

Adobe Family October 2024 Routine Security Update Advisory

Keycloak Security Update Advisory (CVE-2024-3656)

Tags:

Adobe Family October 2024 Routine Security Update Advisory

Keycloak Security Update Advisory (CVE-2024-3656)