PT-2024-19589 · Livewire · Livewire

Published: 2024-02-01 · Updated: 2024-08-01 · CVE-2024-22859

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Livewire versions prior to 3.0.4

Description

A Cross-Site Request Forgery (CSRF) issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability problem, not a security problem.

Recommendations

For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the getCsrfToken function until a patch is available.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-22859
GHSA-2CJH-75GP-34GC

Affected Products

Livewire