Is ipl/web affected by CVE-2024-41811?

Packagist ipl/web is affected in <0.10.1.

Is CVE-2024-41811 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

low

CVE-2024-41811

Q: Is CVE-2024-41811 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Packagist · ipl/web

Summary

ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

Severity: low
EPSS: 0.2% (p7)
Also known as: GHSA-w9pg-7c3h-fc8j
Published: 2024-08-05

References

https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j
https://nvd.nist.gov/vuln/detail/CVE-2024-41811
https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e

Related advisories

CVE-2026-42224 — high · Packagist/ipl/web

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.