CVE-2024-47186: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
(updated )
If values passed to a ColorColumn or ColumnEntry are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered.
Versions of Filament from v3.0.0 through v3.2.114 are affected.
Please upgrade to Filament v3.2.115.
References
- github.com/advisories/GHSA-9h9q-qhxg-89xr
- github.com/filamentphp/filament
- github.com/filamentphp/filament/commit/df7989352464d08eda5837ef50f9997fad902316
- github.com/filamentphp/filament/releases/tag/v3.2.115
- github.com/filamentphp/filament/security/advisories/GHSA-9h9q-qhxg-89xr
- nvd.nist.gov/vuln/detail/CVE-2024-47186
Code Behaviors & Features
Detect and mitigate CVE-2024-47186 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →