Is pxlrbt/filament-excel affected by CVE-2024-42485?

Packagist pxlrbt/filament-excel is affected in >=2.0.0-alpha <2.3.3, <1.1.14.

Is CVE-2024-42485 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

high

CVE-2024-42485

Q: Is CVE-2024-42485 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

Packagist · pxlrbt/filament-excel

Summary

Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

Severity: high
EPSS: 0.6% (p43)
Also known as: GHSA-m3px-vjxr-fx4m
Published: 2024-08-12

References

https://github.com/pxlrbt/filament-excel/security/advisories/GHSA-m3px-vjxr-fx4m
https://nvd.nist.gov/vuln/detail/CVE-2024-42485
https://github.com/pxlrbt/filament-excel/commit/af36f933b032aefccc87d17431b6e74673b04af5

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.