Search criteria
20 vulnerabilities found for framework by laravel
CVE-2024-13919 (GCVE-0-2024-13919)
Vulnerability from nvd – Published: 2025-03-10 10:03 – Updated: 2025-03-10 17:02
VLAI?
Title
Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Affected:
11.9.0 , ≤ 11.35.1
(custom)
|
Credits
Fabian Funder (SBA Research)
Philipp Adelsberger (SBA Research)
Jeremy Angele
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:38:06.695003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:41:35.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:42.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:03:01.374Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13919",
"datePublished": "2025-03-10T10:03:01.374Z",
"dateReserved": "2025-03-04T18:11:39.565Z",
"dateUpdated": "2025-03-10T17:02:42.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13918 (GCVE-0-2024-13918)
Vulnerability from nvd – Published: 2025-03-10 10:02 – Updated: 2025-03-10 17:02
VLAI?
Title
Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Affected:
11.9.0 , ≤ 11.35.1
(custom)
|
Credits
Fabian Funder (SBA Research)
Philipp Adelsberger (SBA Research)
Jeremy Angele
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:55:25.311761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:55:46.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:40.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:02:29.530Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13918",
"datePublished": "2025-03-10T10:02:29.530Z",
"dateReserved": "2025-03-04T18:11:33.625Z",
"dateUpdated": "2025-03-10T17:02:40.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27515 (GCVE-0-2025-27515)
Vulnerability from nvd – Published: 2025-03-05 18:45 – Updated: 2025-03-05 18:59
VLAI?
Title
Laravel has a File Validation Bypass
Summary
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
Severity ?
CWE
- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:59:39.412635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:59:49.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
},
{
"status": "affected",
"version": "\u003c 11.44.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:45:50.101Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4"
},
{
"name": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5"
}
],
"source": {
"advisory": "GHSA-78fx-h6xr-vch4",
"discovery": "UNKNOWN"
},
"title": "Laravel has a File Validation Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27515",
"datePublished": "2025-03-05T18:45:50.101Z",
"dateReserved": "2025-02-26T18:11:52.307Z",
"dateUpdated": "2025-03-05T18:59:49.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52301 (GCVE-0-2024-52301)
Vulnerability from nvd – Published: 2024-11-12 19:32 – Updated: 2024-12-21 17:02
VLAI?
Title
Laravel allows environment manipulation via query string
Summary
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "framework",
"vendor": "laravel",
"versions": [
{
"lessThan": "6.20.45",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.30.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.83.28",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.52.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.48.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:51:08.466106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:14:52.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-21T17:02:39.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.20.45"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.7"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.83.28"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.52.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.48.23"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.31.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:32:14.415Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h"
}
],
"source": {
"advisory": "GHSA-gv7v-rgg6-548h",
"discovery": "UNKNOWN"
},
"title": "Laravel allows environment manipulation via query string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52301",
"datePublished": "2024-11-12T19:32:14.415Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-12-21T17:02:39.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40482 (GCVE-0-2022-40482)
Vulnerability from nvd – Published: 2023-04-25 00:00 – Updated: 2025-02-03 20:49
VLAI?
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T20:49:48.149855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T20:49:55.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40482",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2022-09-11T00:00:00.000Z",
"dateUpdated": "2025-02-03T20:49:55.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19316 (GCVE-0-2020-19316)
Vulnerability from nvd – Published: 2021-12-20 19:36 – Updated: 2024-08-04 14:08
VLAI?
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T19:36:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"name": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/",
"refsource": "MISC",
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19316",
"datePublished": "2021-12-20T19:36:41",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43808 (GCVE-0-2021-43808)
Vulnerability from nvd – Published: 2021-12-07 22:20 – Updated: 2024-08-04 04:03
VLAI?
Title
Blade `@parent` Exploitation Leading To Possible XSS in Laravel
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"status": "affected",
"version": "\u003c 6.20.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T22:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
},
"title": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43808",
"STATE": "PUBLIC",
"TITLE": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"version_value": "\u003c 6.20.42"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"name": "https://github.com/laravel/framework/pull/39906",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"name": "https://github.com/laravel/framework/pull/39908",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"name": "https://github.com/laravel/framework/pull/39909",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"name": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v6.20.42",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v7.30.6",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v8.75.0",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
]
},
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43808",
"datePublished": "2021-12-07T22:20:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43617 (GCVE-0-2021-43617)
Vulnerability from nvd – Published: 2021-11-14 15:32 – Updated: 2024-08-04 04:03
VLAI?
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T17:17:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"name": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"name": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43617",
"datePublished": "2021-11-14T15:32:39",
"dateReserved": "2021-11-14T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21263 (GCVE-0-2021-21263)
Vulnerability from nvd – Published: 2021-01-19 19:40 – Updated: 2024-08-03 18:09
VLAI?
Title
Query Binding Exploitation in Laravel
Summary
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
Severity ?
7.2 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T19:40:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
},
"title": "Query Binding Exploitation in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21263",
"STATE": "PUBLIC",
"TITLE": "Query Binding Exploitation in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"name": "https://github.com/laravel/framework/pull/35865",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"name": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
"refsource": "MISC",
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"name": "https://packagist.org/packages/laravel/framework",
"refsource": "MISC",
"url": "https://packagist.org/packages/laravel/framework"
},
{
"name": "https://packagist.org/packages/illuminate/database",
"refsource": "MISC",
"url": "https://packagist.org/packages/illuminate/database"
}
]
},
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21263",
"datePublished": "2021-01-19T19:40:18",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:14.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6330 (GCVE-0-2018-6330)
Vulnerability from nvd – Published: 2019-03-28 15:41 – Updated: 2024-08-05 06:01
VLAI?
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T15:41:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/",
"refsource": "MISC",
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"name": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6330",
"datePublished": "2019-03-28T15:41:02",
"dateReserved": "2018-01-26T00:00:00",
"dateUpdated": "2024-08-05T06:01:48.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13919 (GCVE-0-2024-13919)
Vulnerability from cvelistv5 – Published: 2025-03-10 10:03 – Updated: 2025-03-10 17:02
VLAI?
Title
Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Affected:
11.9.0 , ≤ 11.35.1
(custom)
|
Credits
Fabian Funder (SBA Research)
Philipp Adelsberger (SBA Research)
Jeremy Angele
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:38:06.695003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:41:35.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:42.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:03:01.374Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13919",
"datePublished": "2025-03-10T10:03:01.374Z",
"dateReserved": "2025-03-04T18:11:39.565Z",
"dateUpdated": "2025-03-10T17:02:42.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13918 (GCVE-0-2024-13918)
Vulnerability from cvelistv5 – Published: 2025-03-10 10:02 – Updated: 2025-03-10 17:02
VLAI?
Title
Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Affected:
11.9.0 , ≤ 11.35.1
(custom)
|
Credits
Fabian Funder (SBA Research)
Philipp Adelsberger (SBA Research)
Jeremy Angele
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T12:55:25.311761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T12:55:46.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-10T17:02:40.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/10/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Laravel Framework",
"repo": "https://github.com/laravel/framework",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"lessThanOrEqual": "11.35.1",
"status": "affected",
"version": "11.9.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must run with debug-mode enabled (\u003ctt\u003eAPP_DEBUG=true\u003c/tt\u003e)."
}
],
"value": "The application must run with debug-mode enabled (APP_DEBUG=true)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Philipp Adelsberger (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jeremy Angele"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T10:02:29.530Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page"
},
{
"tags": [
"patch"
],
"url": "https://github.com/laravel/framework/pull/53869"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/laravel/framework/releases/tag/v11.36.0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 11.36.0 or later."
}
],
"value": "Update to version 11.36.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that the application does not run in debug-mode by setting \u003ctt\u003eAPP_DEBUG=false\u003c/tt\u003e in your configuration."
}
],
"value": "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-13918",
"datePublished": "2025-03-10T10:02:29.530Z",
"dateReserved": "2025-03-04T18:11:33.625Z",
"dateUpdated": "2025-03-10T17:02:40.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27515 (GCVE-0-2025-27515)
Vulnerability from cvelistv5 – Published: 2025-03-05 18:45 – Updated: 2025-03-05 18:59
VLAI?
Title
Laravel has a File Validation Bypass
Summary
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
Severity ?
CWE
- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:59:39.412635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:59:49.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
},
{
"status": "affected",
"version": "\u003c 11.44.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:45:50.101Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4"
},
{
"name": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5"
}
],
"source": {
"advisory": "GHSA-78fx-h6xr-vch4",
"discovery": "UNKNOWN"
},
"title": "Laravel has a File Validation Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27515",
"datePublished": "2025-03-05T18:45:50.101Z",
"dateReserved": "2025-02-26T18:11:52.307Z",
"dateUpdated": "2025-03-05T18:59:49.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52301 (GCVE-0-2024-52301)
Vulnerability from cvelistv5 – Published: 2024-11-12 19:32 – Updated: 2024-12-21 17:02
VLAI?
Title
Laravel allows environment manipulation via query string
Summary
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "framework",
"vendor": "laravel",
"versions": [
{
"lessThan": "6.20.45",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.30.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.83.28",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.52.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.48.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:51:08.466106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:14:52.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-21T17:02:39.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003c 6.20.45"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.7"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.83.28"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.52.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.48.23"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.31.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:32:14.415Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h"
}
],
"source": {
"advisory": "GHSA-gv7v-rgg6-548h",
"discovery": "UNKNOWN"
},
"title": "Laravel allows environment manipulation via query string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52301",
"datePublished": "2024-11-12T19:32:14.415Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-12-21T17:02:39.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40482 (GCVE-0-2022-40482)
Vulnerability from cvelistv5 – Published: 2023-04-25 00:00 – Updated: 2025-02-03 20:49
VLAI?
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T20:49:48.149855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T20:49:55.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/"
},
{
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40482",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2022-09-11T00:00:00.000Z",
"dateUpdated": "2025-02-03T20:49:55.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19316 (GCVE-0-2020-19316)
Vulnerability from cvelistv5 – Published: 2021-12-20 19:36 – Updated: 2024-08-04 14:08
VLAI?
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T19:36:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31"
},
{
"name": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/",
"refsource": "MISC",
"url": "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19316",
"datePublished": "2021-12-20T19:36:41",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43808 (GCVE-0-2021-43808)
Vulnerability from cvelistv5 – Published: 2021-12-07 22:20 – Updated: 2024-08-04 04:03
VLAI?
Title
Blade `@parent` Exploitation Leading To Possible XSS in Laravel
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"status": "affected",
"version": "\u003c 6.20.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T22:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
],
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
},
"title": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43808",
"STATE": "PUBLIC",
"TITLE": "Blade `@parent` Exploitation Leading To Possible XSS in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.75.0"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.6"
},
{
"version_value": "\u003c 6.20.42"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
},
{
"name": "https://github.com/laravel/framework/pull/39906",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39906"
},
{
"name": "https://github.com/laravel/framework/pull/39908",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39908"
},
{
"name": "https://github.com/laravel/framework/pull/39909",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/39909"
},
{
"name": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v6.20.42",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v6.20.42"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v7.30.6",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v7.30.6"
},
{
"name": "https://github.com/laravel/framework/releases/tag/v8.75.0",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/releases/tag/v8.75.0"
}
]
},
"source": {
"advisory": "GHSA-66hf-2p6w-jqfw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43808",
"datePublished": "2021-12-07T22:20:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43617 (GCVE-0-2021-43617)
Vulnerability from cvelistv5 – Published: 2021-11-14 15:32 – Updated: 2024-08-04 04:03
VLAI?
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T17:17:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
},
{
"name": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8"
},
{
"name": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6",
"refsource": "MISC",
"url": "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43617",
"datePublished": "2021-11-14T15:32:39",
"dateReserved": "2021-11-14T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21263 (GCVE-0-2021-21263)
Vulnerability from cvelistv5 – Published: 2021-01-19 19:40 – Updated: 2024-08-03 18:09
VLAI?
Title
Query Binding Exploitation in Laravel
Summary
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
Severity ?
7.2 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "laravel",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T19:40:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/laravel/framework"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/illuminate/database"
}
],
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
},
"title": "Query Binding Exploitation in Laravel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21263",
"STATE": "PUBLIC",
"TITLE": "Query Binding Exploitation in Laravel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "framework",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.0.0, \u003c 6.20.11"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.30.2"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.22.1"
}
]
}
}
]
},
"vendor_name": "laravel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x",
"refsource": "CONFIRM",
"url": "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
},
{
"name": "https://github.com/laravel/framework/pull/35865",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/pull/35865"
},
{
"name": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
"refsource": "MISC",
"url": "https://blog.laravel.com/security-laravel-62011-7302-8221-released"
},
{
"name": "https://packagist.org/packages/laravel/framework",
"refsource": "MISC",
"url": "https://packagist.org/packages/laravel/framework"
},
{
"name": "https://packagist.org/packages/illuminate/database",
"refsource": "MISC",
"url": "https://packagist.org/packages/illuminate/database"
}
]
},
"source": {
"advisory": "GHSA-3p32-j457-pg5x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21263",
"datePublished": "2021-01-19T19:40:18",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:14.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6330 (GCVE-0-2018-6330)
Vulnerability from cvelistv5 – Published: 2019-03-28 15:41 – Updated: 2024-08-05 06:01
VLAI?
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T15:41:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/",
"refsource": "MISC",
"url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/"
},
{
"name": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md",
"refsource": "MISC",
"url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6330",
"datePublished": "2019-03-28T15:41:02",
"dateReserved": "2018-01-26T00:00:00",
"dateUpdated": "2024-08-05T06:01:48.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}