CVE-2024-35451

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 29, 2024
Updated: Dec 2, 2024
CWE ID 918

Summary

CVE-2024-35451 is a vulnerability affecting LinkStack versions 2.7.9 through 4.7.7. It permits Server-Side Request Forgery (SSRF) attacks against the favicon.blade.php component. An attacker could exploit it by crafting a malicious link that, when processed by an affected application, initiates an unintended HTTP request from the server. This could lead to the disclosure of internal information or allow the attacker to perform unauthorized actions within the targeted system. The vulnerability poses a significant risk to organizations using LinkStack and emphasizes the importance of keeping software up to date to mitigate known security risks.
