Filtered by vendor Laravel
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31279 | 1 Laravel | 1 Laravel | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php. | |||||
| CVE-2022-30779 | 1 Laravel | 1 Laravel | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php. | |||||
| CVE-2022-30778 | 1 Laravel | 1 Laravel | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php. | |||||
| CVE-2021-3129 | 2 Facade, Laravel | 2 Ignition, Laravel | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. | |||||
| CVE-2021-37298 | 1 Laravel | 1 Laravel | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass. | |||||
| CVE-2021-43617 | 1 Laravel | 1 Framework | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. | |||||
| CVE-2019-9081 | 1 Laravel | 1 Framework | 2019-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php. | |||||