CVE-2023-4977

Description

Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

How to fix CVE-2023-4977

To remediate CVE-2023-4977, upgrade the affected package to a fixed version below.

• Packagist/librenms/librenms—upgrade to 23.9.0 or later

Is CVE-2023-4977 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 23.9.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-4977
• PATCHgithub.com/librenms/librenms
• WEBgithub.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0
• WEBhuntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc