CVE-2024-35451
MEDIUMLinkStack 2.7.9-4.7.7 - Server-Side Request Forgery via Favicon Component
Title source: llmDescription
LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://datafarm.co.th/blog/CVE-2024-35451:-From-%28Authenticated%29-SSRF-to-Remote-Code-Execution
Scores
CVSS v3
4.8
EPSS
0.0031
EPSS Percentile
22.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
linkstack/linkstack
2.7.9 - 4.7.7
Published
Nov 29, 2024
Tracked Since
Feb 18, 2026