Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Laravel Valet by Laravel

    CVE-2021-47756 (GCVE-0-2021-47756)

    Vulnerability from nvd – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:05
    VLAI
    Title
    Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)
    Summary
    Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Laravel Laravel Valet Affected: 1.1.4 to 2.0.3
    Create a notification for this product.
    Date Public
    2021-12-14 00:00
    Credits
    leonjza
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-47756",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T16:15:32.254651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T16:15:38.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Laravel Valet",
              "vendor": "Laravel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.4 to 2.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "leonjza"
            }
          ],
          "datePublic": "2021-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:05:58.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50591",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50591"
            },
            {
              "name": "Laravel Valet Official Documentation",
              "tags": [
                "product"
              ],
              "url": "https://laravel.com/docs/8.x/valet"
            },
            {
              "name": "VulnCheck Advisory: Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos"
            }
          ],
          "title": "Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2021-47756",
        "datePublished": "2026-01-15T23:25:35.938Z",
        "dateReserved": "2026-01-10T16:58:28.313Z",
        "dateUpdated": "2026-04-07T14:05:58.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-47756 (GCVE-0-2021-47756)

    Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:05
    VLAI
    Title
    Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)
    Summary
    Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Laravel Laravel Valet Affected: 1.1.4 to 2.0.3
    Create a notification for this product.
    Date Public
    2021-12-14 00:00
    Credits
    leonjza
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-47756",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T16:15:32.254651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T16:15:38.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Laravel Valet",
              "vendor": "Laravel",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.4 to 2.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "leonjza"
            }
          ],
          "datePublic": "2021-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:05:58.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50591",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50591"
            },
            {
              "name": "Laravel Valet Official Documentation",
              "tags": [
                "product"
              ],
              "url": "https://laravel.com/docs/8.x/valet"
            },
            {
              "name": "VulnCheck Advisory: Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos"
            }
          ],
          "title": "Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2021-47756",
        "datePublished": "2026-01-15T23:25:35.938Z",
        "dateReserved": "2026-01-10T16:58:28.313Z",
        "dateUpdated": "2026-04-07T14:05:58.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }