Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/macropay-solutions/laravel-crud-wizard-free@3.4.7

Type composer

Namespace macropay-solutions

Name laravel-crud-wizard-free

Version 3.4.7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.4.17

Latest_non_vulnerable_version 3.4.17

Affected_by_vulnerabilities

url VCID-dz15-qbf6-hbca

vulnerability_id VCID-dz15-qbf6-hbca

summary

laravel-crud-wizard-free has File Validation Bypass
### Impact
Medium

### Patches
Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0

### Workarounds
Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1

### References
https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

references

reference_url

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

reference_url

https://github.com/macropay-solutions/laravel-crud-wizard-free

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/macropay-solutions/laravel-crud-wizard-free

reference_url

https://github.com/macropay-solutions/laravel-crud-wizard-free/commit/5c268cc930ec23a2e6761878cc57c6bd1d1889d2

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/macropay-solutions/laravel-crud-wizard-free/commit/5c268cc930ec23a2e6761878cc57c6bd1d1889d2

reference_url

https://github.com/macropay-solutions/laravel-crud-wizard-free/security/advisories/GHSA-3wgq-h4fr-cwg5

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/macropay-solutions/laravel-crud-wizard-free/security/advisories/GHSA-3wgq-h4fr-cwg5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-27515

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-27515

reference_url	https://github.com/advisories/GHSA-3wgq-h4fr-cwg5
reference_id	GHSA-3wgq-h4fr-cwg5
reference_type
scores
url	https://github.com/advisories/GHSA-3wgq-h4fr-cwg5

fixed_packages

url	pkg:composer/macropay-solutions/laravel-crud-wizard-free@3.4.17
purl	pkg:composer/macropay-solutions/laravel-crud-wizard-free@3.4.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/macropay-solutions/laravel-crud-wizard-free@3.4.17

aliases GHSA-3wgq-h4fr-cwg5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz15-qbf6-hbca

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/macropay-solutions/laravel-crud-wizard-free@3.4.7

Package Instance