CVE-2024-42485 Information

Description

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3.

Reference

https://github.com/pxlrbt/filament-excel/security/advisories/GHSA-m3px-vjxr-fx4m https://github.com/pxlrbt/filament-excel/commit/bda42891a4b0c15d5dab5da8c53a006ddadccfb7