*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-34515
### Vulnerable Library - spatie/image-optimizer-1.7.2Easily optimize images using PHP
Library home page: https://api.github.com/repos/spatie/image-optimizer/zipball/62f7463483d1bd975f6f06025d89d42a29608fe1
Dependency Hierarchy: - spatie/laravel-medialibrary-11.4.5 (Root Library) - spatie/image-3.4.0 - :x: **spatie/image-optimizer-1.7.2** (Vulnerable Library)
Found in base branch: main
### Vulnerability Detailsimage-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar protocol in arguments to file_exists.
Publish Date: 2024-05-05
URL: CVE-2024-34515
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2024-05-05
Fix Resolution: 1.7.3
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)