Summary: Three vulnerabilities in the open-source PHP package Voyager could lead to remote code execution when an authenticated user interacts with malicious links. Reports of these vulnerabilities went unanswered by the maintainers within the 90-day disclosure period. Affected users are advised to take preventive measures as these flaws remain unpatched.
Affected: Voyager package for Laravel applications
Key points:
- Three critical vulnerabilities, CVE-2024-55417, CVE-2024-55416, and CVE-2024-55415, were discovered that could lead to remote code execution and unauthorized file manipulation.
- SonarSource attempted to notify Voyager maintainers through various channels but received no response before the public disclosure deadline.
- Users are advised to limit access, implement stricter security measures, and consider alternative solutions until official patches are released.