CVE-2024-22859

Published: Feb 1, 2024

Modified: May 29, 2025

PUBLISHED

Description

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3b

https://github.com/github/advisory-database/pull/3490

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-22859

Description

Affected Products

References