4 matches found
CVE-2024-51758
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the defaultfilesystemdisk configuration. An attacker can access sensitive data by exploiting the default public storage setting. Remediation Upgrade filament/actions to version 3.2.123 ...
CVE-2024-51758
CVE-2024-51758 affects Filament (Laravel components) via the default_filesystem_disk setting. The vulnerability arises when the default storage disk is set to the publicly accessible disk (public); exports and related features can store files there, exposing potentially sensitive data. To mitigat...
CVE-2024-51758 Exported files stored in default (`public`) filesystem if not reconfigured in filament
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their...