RCE in Filamentphp Filament

CVE-2024-51758

Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driv…

EPSS: 0.001 (28.0th percentile) — read the EPSS interpretation.

Affected products

Filamentphp Filament — versions >= 3.2.0, < 3.2.123

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

References

https://github.com/filamentphp/filament/security/advisories/GHSA-4hxw-gc2q-f6f3 (x_refsource_CONFIRM)
https://filamentphp.com/docs/3.x/actions/prebuilt-actions/export#customizing-the-storage-disk (x_refsource_MISC)