What is CVE-2024-47823?

CVE-2024-47823 is a vulnerability in Livewire, classified under Improper Input Validation. Published 2024-10-08.

Is CVE-2024-47823 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Livewire

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a r…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (47.0th percentile) — read the EPSS interpretation.

Affected products

Livewire — versions >= 3.0.0-beta.1, < 3.5.2, < 2.12.7

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

HelgeSverre/livewire-honeypot

References

https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp (x_refsource_CONFIRM)
https://github.com/livewire/livewire/pull/8624 (x_refsource_MISC)
https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5 (x_refsource_MISC)
https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47823?: CVE-2024-47823 is a vulnerability in Livewire, classified under Improper Input Validation. Published 2024-10-08.
Is CVE-2024-47823 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.