Vulnerabilites related to laravel - framework
cve-2020-19316
Vulnerability from cvelistv5
Published
2021-12-20 19:36
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | x_refsource_MISC | |
| http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:08:30.836Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-20T19:36:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", }, { tags: [ "x_refsource_MISC", ], url: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-19316", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", refsource: "MISC", url: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", }, { name: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", refsource: "MISC", url: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-19316", datePublished: "2021-12-20T19:36:41", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:08:30.836Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6330
Vulnerability from cvelistv5
Published
2019-03-28 15:41
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | x_refsource_MISC | |
| https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:48.508Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-26T00:00:00", descriptions: [ { lang: "en", value: "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-28T15:41:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6330", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", refsource: "MISC", url: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", }, { name: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", refsource: "MISC", url: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6330", datePublished: "2019-03-28T15:41:02", dateReserved: "2018-01-26T00:00:00", dateUpdated: "2024-08-05T06:01:48.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40482
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2025-02-03 20:49
Severity ?
EPSS score ?
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:21:45.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ephort.dk/blog/laravel-timing-attack-vulnerability/", }, { tags: [ "x_transferred", ], url: "https://github.com/ephort/laravel-user-enumeration-demo", }, { tags: [ "x_transferred", ], url: "https://github.com/laravel/framework/pull/44069", }, { tags: [ "x_transferred", ], url: "https://github.com/laravel/framework/releases/tag/v9.32.0", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-40482", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T20:49:48.149855Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "CWE-203 Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T20:49:55.862Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-25T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ephort.dk/blog/laravel-timing-attack-vulnerability/", }, { url: "https://github.com/ephort/laravel-user-enumeration-demo", }, { url: "https://github.com/laravel/framework/pull/44069", }, { url: "https://github.com/laravel/framework/releases/tag/v9.32.0", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40482", datePublished: "2023-04-25T00:00:00.000Z", dateReserved: "2022-09-11T00:00:00.000Z", dateUpdated: "2025-02-03T20:49:55.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43808
Vulnerability from cvelistv5
Published
2021-12-07 22:20
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/pull/39906 | x_refsource_MISC | |
| https://github.com/laravel/framework/pull/39908 | x_refsource_MISC | |
| https://github.com/laravel/framework/pull/39909 | x_refsource_MISC | |
| https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v6.20.42 | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v7.30.6 | x_refsource_MISC | |
| https://github.com/laravel/framework/releases/tag/v8.75.0 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:03:08.661Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/pull/39906", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/pull/39908", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/pull/39909", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/releases/tag/v6.20.42", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/releases/tag/v7.30.6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/releases/tag/v8.75.0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "framework", vendor: "laravel", versions: [ { status: "affected", version: ">= 8.0.0, < 8.75.0", }, { status: "affected", version: ">= 7.0.0, < 7.30.6", }, { status: "affected", version: "< 6.20.42", }, ], }, ], descriptions: [ { lang: "en", value: "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-07T22:20:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/pull/39906", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/pull/39908", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/pull/39909", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/releases/tag/v6.20.42", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/releases/tag/v7.30.6", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/releases/tag/v8.75.0", }, ], source: { advisory: "GHSA-66hf-2p6w-jqfw", discovery: "UNKNOWN", }, title: "Blade `@parent` Exploitation Leading To Possible XSS in Laravel", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-43808", STATE: "PUBLIC", TITLE: "Blade `@parent` Exploitation Leading To Possible XSS in Laravel", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "framework", version: { version_data: [ { version_value: ">= 8.0.0, < 8.75.0", }, { version_value: ">= 7.0.0, < 7.30.6", }, { version_value: "< 6.20.42", }, ], }, }, ], }, vendor_name: "laravel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", refsource: "CONFIRM", url: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", }, { name: "https://github.com/laravel/framework/pull/39906", refsource: "MISC", url: "https://github.com/laravel/framework/pull/39906", }, { name: "https://github.com/laravel/framework/pull/39908", refsource: "MISC", url: "https://github.com/laravel/framework/pull/39908", }, { name: "https://github.com/laravel/framework/pull/39909", refsource: "MISC", url: "https://github.com/laravel/framework/pull/39909", }, { name: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", refsource: "MISC", url: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", }, { name: "https://github.com/laravel/framework/releases/tag/v6.20.42", refsource: "MISC", url: "https://github.com/laravel/framework/releases/tag/v6.20.42", }, { name: "https://github.com/laravel/framework/releases/tag/v7.30.6", refsource: "MISC", url: "https://github.com/laravel/framework/releases/tag/v7.30.6", }, { name: "https://github.com/laravel/framework/releases/tag/v8.75.0", refsource: "MISC", url: "https://github.com/laravel/framework/releases/tag/v8.75.0", }, ], }, source: { advisory: "GHSA-66hf-2p6w-jqfw", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-43808", datePublished: "2021-12-07T22:20:12", dateReserved: "2021-11-16T00:00:00", dateUpdated: "2024-08-04T04:03:08.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27515
Vulnerability from cvelistv5
Published
2025-03-05 18:45
Modified
2025-03-05 18:59
Severity ?
EPSS score ?
Summary
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4 | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27515", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-05T18:59:39.412635Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-05T18:59:49.627Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "framework", vendor: "laravel", versions: [ { status: "affected", version: ">= 12.0.0, < 12.1.1", }, { status: "affected", version: "< 11.44.1", }, ], }, ], descriptions: [ { lang: "en", value: "Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-155", description: "CWE-155: Improper Neutralization of Wildcards or Matching Symbols", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-05T18:45:50.101Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4", }, { name: "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5", tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5", }, ], source: { advisory: "GHSA-78fx-h6xr-vch4", discovery: "UNKNOWN", }, title: "Laravel has a File Validation Bypass", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-27515", datePublished: "2025-03-05T18:45:50.101Z", dateReserved: "2025-02-26T18:11:52.307Z", dateUpdated: "2025-03-05T18:59:49.627Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52301
Vulnerability from cvelistv5
Published
2024-11-12 19:32
Modified
2024-12-21 17:02
Severity ?
EPSS score ?
Summary
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "framework", vendor: "laravel", versions: [ { lessThan: "6.20.45", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "7.0.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "7.30.7", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "8.0.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "8.83.28", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "9.0.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "9.52.17", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "10.0.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "10.48.23", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "11.0.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "11.31.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52301", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:51:08.466106Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:14:52.925Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-21T17:02:39.839Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "framework", vendor: "laravel", versions: [ { status: "affected", version: "< 6.20.45", }, { status: "affected", version: ">= 7.0.0, < 7.30.7", }, { status: "affected", version: ">= 8.0.0, < 8.83.28", }, { status: "affected", version: ">= 9.0.0, < 9.52.17", }, { status: "affected", version: ">= 10.0.0, < 10.48.23", }, { status: "affected", version: ">= 11.0.0, < 11.31.0", }, ], }, ], descriptions: [ { lang: "en", value: "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-88", description: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T19:32:14.415Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h", }, ], source: { advisory: "GHSA-gv7v-rgg6-548h", discovery: "UNKNOWN", }, title: "Laravel allows environment manipulation via query string", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-52301", datePublished: "2024-11-12T19:32:14.415Z", dateReserved: "2024-11-06T19:00:26.396Z", dateUpdated: "2024-12-21T17:02:39.839Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43617
Vulnerability from cvelistv5
Published
2021-11-14 15:32
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:03:08.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-17T17:17:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", }, { tags: [ "x_refsource_MISC", ], url: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", }, { tags: [ "x_refsource_MISC", ], url: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-43617", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", refsource: "MISC", url: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", }, { name: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", refsource: "MISC", url: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", }, { name: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", refsource: "MISC", url: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43617", datePublished: "2021-11-14T15:32:39", dateReserved: "2021-11-14T00:00:00", dateUpdated: "2024-08-04T04:03:08.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-13918
Vulnerability from cvelistv5
Published
2025-03-10 10:02
Modified
2025-03-10 17:02
Severity ?
EPSS score ?
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Version: 11.9.0 < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-13918", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T12:55:25.311761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T12:55:46.178Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-10T17:02:40.794Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2025/03/10/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Laravel Framework", repo: "https://github.com/laravel/framework", vendor: "Laravel Holdings Inc.", versions: [ { lessThanOrEqual: "11.35.1", status: "affected", version: "11.9.0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The application must run with debug-mode enabled (<tt>APP_DEBUG=true</tt>).", }, ], value: "The application must run with debug-mode enabled (APP_DEBUG=true).", }, ], credits: [ { lang: "en", type: "finder", value: "Fabian Funder (SBA Research)", }, { lang: "en", type: "finder", value: "Philipp Adelsberger (SBA Research)", }, { lang: "en", type: "finder", value: "Jeremy Angele", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.", }, ], value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-10T10:02:29.530Z", orgId: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", shortName: "sba-research", }, references: [ { tags: [ "third-party-advisory", ], url: "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page", }, { tags: [ "patch", ], url: "https://github.com/laravel/framework/pull/53869", }, { tags: [ "release-notes", ], url: "https://github.com/laravel/framework/releases/tag/v11.36.0", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to version 11.36.0 or later.", }, ], value: "Update to version 11.36.0 or later.", }, ], source: { discovery: "UNKNOWN", }, title: "Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that the application does not run in debug-mode by setting <tt>APP_DEBUG=false</tt> in your configuration.", }, ], value: "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", assignerShortName: "sba-research", cveId: "CVE-2024-13918", datePublished: "2025-03-10T10:02:29.530Z", dateReserved: "2025-03-04T18:11:33.625Z", dateUpdated: "2025-03-10T17:02:40.794Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-21263
Vulnerability from cvelistv5
Published
2021-01-19 19:40
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x | x_refsource_CONFIRM | |
| https://github.com/laravel/framework/pull/35865 | x_refsource_MISC | |
| https://blog.laravel.com/security-laravel-62011-7302-8221-released | x_refsource_MISC | |
| https://packagist.org/packages/laravel/framework | x_refsource_MISC | |
| https://packagist.org/packages/illuminate/database | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:09:14.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/laravel/framework/pull/35865", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.laravel.com/security-laravel-62011-7302-8221-released", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packagist.org/packages/laravel/framework", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packagist.org/packages/illuminate/database", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "framework", vendor: "laravel", versions: [ { status: "affected", version: ">= 6.0.0, < 6.20.11", }, { status: "affected", version: ">= 7.0.0, < 7.30.2", }, { status: "affected", version: ">= 8.0.0, < 8.22.1", }, ], }, ], descriptions: [ { lang: "en", value: "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-19T19:40:18", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/laravel/framework/pull/35865", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.laravel.com/security-laravel-62011-7302-8221-released", }, { tags: [ "x_refsource_MISC", ], url: "https://packagist.org/packages/laravel/framework", }, { tags: [ "x_refsource_MISC", ], url: "https://packagist.org/packages/illuminate/database", }, ], source: { advisory: "GHSA-3p32-j457-pg5x", discovery: "UNKNOWN", }, title: "Query Binding Exploitation in Laravel", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-21263", STATE: "PUBLIC", TITLE: "Query Binding Exploitation in Laravel", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "framework", version: { version_data: [ { version_value: ">= 6.0.0, < 6.20.11", }, { version_value: ">= 7.0.0, < 7.30.2", }, { version_value: ">= 8.0.0, < 8.22.1", }, ], }, }, ], }, vendor_name: "laravel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x", refsource: "CONFIRM", url: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x", }, { name: "https://github.com/laravel/framework/pull/35865", refsource: "MISC", url: "https://github.com/laravel/framework/pull/35865", }, { name: "https://blog.laravel.com/security-laravel-62011-7302-8221-released", refsource: "MISC", url: "https://blog.laravel.com/security-laravel-62011-7302-8221-released", }, { name: "https://packagist.org/packages/laravel/framework", refsource: "MISC", url: "https://packagist.org/packages/laravel/framework", }, { name: "https://packagist.org/packages/illuminate/database", refsource: "MISC", url: "https://packagist.org/packages/illuminate/database", }, ], }, source: { advisory: "GHSA-3p32-j457-pg5x", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-21263", datePublished: "2021-01-19T19:40:18", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-03T18:09:14.909Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-13919
Vulnerability from cvelistv5
Published
2025-03-10 10:03
Modified
2025-03-10 17:02
Severity ?
EPSS score ?
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Framework |
Version: 11.9.0 < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-13919", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T12:38:06.695003Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T12:41:35.550Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-10T17:02:42.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2025/03/10/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Laravel Framework", repo: "https://github.com/laravel/framework", vendor: "Laravel Holdings Inc.", versions: [ { lessThanOrEqual: "11.35.1", status: "affected", version: "11.9.0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The application must run with debug-mode enabled (<tt>APP_DEBUG=true</tt>).", }, ], value: "The application must run with debug-mode enabled (APP_DEBUG=true).", }, ], credits: [ { lang: "en", type: "finder", value: "Fabian Funder (SBA Research)", }, { lang: "en", type: "finder", value: "Philipp Adelsberger (SBA Research)", }, { lang: "en", type: "finder", value: "Jeremy Angele", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.", }, ], value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-10T10:03:01.374Z", orgId: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", shortName: "sba-research", }, references: [ { tags: [ "third-party-advisory", ], url: "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page", }, { tags: [ "patch", ], url: "https://github.com/laravel/framework/pull/53869", }, { tags: [ "release-notes", ], url: "https://github.com/laravel/framework/releases/tag/v11.36.0", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to version 11.36.0 or later.", }, ], value: "Update to version 11.36.0 or later.", }, ], source: { discovery: "UNKNOWN", }, title: "Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that the application does not run in debug-mode by setting <tt>APP_DEBUG=false</tt> in your configuration.", }, ], value: "Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", assignerShortName: "sba-research", cveId: "CVE-2024-13919", datePublished: "2025-03-10T10:03:01.374Z", dateReserved: "2025-03-04T18:11:39.565Z", dateUpdated: "2025-03-10T17:02:42.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-12-20 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A114BA47-F86F-4997-AF13-F02E7B540333", versionEndExcluding: "5.8.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.", }, { lang: "es", value: "Una vulnerabilidad de inyección de comandos en el enlace de la función Filesystem.php en Laravel Framework versiones anteriores a 5.8.17", }, ], id: "CVE-2020-19316", lastModified: "2024-11-21T05:09:08.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-20T20:15:07.593", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-28 16:29
Modified
2024-11-21 04:10
Severity ?
Summary
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md | Product, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:5.4.15:*:*:*:*:*:*:*", matchCriteriaId: "22501CD0-D334-4C89-AF9F-A742D11CAED1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.", }, { lang: "es", value: "Laravel, en su versión 5.4.15, es vulnerable a inyección SQL basada en errores en save.php mediante los parámetros dhx_user y dhx_version.", }, ], id: "CVE-2018-6330", lastModified: "2024-11-21T04:10:29.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-28T16:29:00.487", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-14 16:15
Modified
2024-11-21 06:29
Severity ?
Summary
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "702DB0C0-CE3A-4377-8A36-D6124A23CAAA", versionEndIncluding: "8.70.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.", }, { lang: "es", value: "Laravel Framework hasta la versión 8.70.2 no bloquea suficientemente la subida de contenido PHP ejecutable porque Illuminate/Validation/Concerns/ValidatesAttributes.php carece de una comprobación para los archivos .phar, que se manejan como application/x-httpd-php en sistemas basados en Debian. NOTA: este registro CVE es para Laravel Framework, y no está relacionado con ningún informe sobre aplicaciones de usuario escritas incorrectamente para la carga de imágenes", }, ], id: "CVE-2021-43617", lastModified: "2024-11-21T06:29:31.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-14T16:15:08.610", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 21:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ephort.dk/blog/laravel-timing-attack-vulnerability/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/ephort/laravel-user-enumeration-demo | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/pull/44069 | Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/laravel/framework/releases/tag/v9.32.0 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ephort.dk/blog/laravel-timing-attack-vulnerability/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ephort/laravel-user-enumeration-demo | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/pull/44069 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laravel/framework/releases/tag/v9.32.0 | Release Notes |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "E4552441-3DC8-4890-B731-4F34868C15C8", versionEndExcluding: "9.32.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist.", }, ], id: "CVE-2022-40482", lastModified: "2025-02-03T21:15:11.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-25T19:15:10.180", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://ephort.dk/blog/laravel-timing-attack-vulnerability/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ephort/laravel-user-enumeration-demo", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/laravel/framework/pull/44069", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/laravel/framework/releases/tag/v9.32.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://ephort.dk/blog/laravel-timing-attack-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ephort/laravel-user-enumeration-demo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/laravel/framework/pull/44069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/laravel/framework/releases/tag/v9.32.0", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-08 00:15
Modified
2024-11-21 06:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "008F1411-5AC5-4BB3-9BB4-C873D9D4CB2C", versionEndExcluding: "6.20.42", vulnerable: true, }, { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "6B26BF29-BEB7-44FF-A39F-A103C30B0726", versionEndExcluding: "7.30.6", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "15E8F817-7A3D-40D4-9DCB-FBC8FD7CE3F7", versionEndExcluding: "8.75.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.", }, { lang: "es", value: "Laravel es un framework de aplicaciones web. Laravel versiones anteriores a 8.75.0, 7.30.6 y 6.20.42, contiene una posible vulnerabilidad de tipo cross-site scripting (XSS) en el motor de plantillas Blade. Puede hacerse clic en un elemento HTML roto y llevar al usuario a otra ubicación en su navegador debido a un ataque de tipo XSS. Esto es debido a que el usuario puede adivinar el hash SHA-1 del marcador de posición padre al probar los nombres comunes de las secciones. Si la plantilla padre contiene una estructura HTML explotable puede exponerse una vulnerabilidad de tipo XSS. Esta vulnerabilidad ha sido parcheada en las versiones 8.75.0, 7.30.6 y 6.20.42 determinando el marcador de posición padre en tiempo de ejecución y usando un hash aleatorio que es único para cada petición", }, ], id: "CVE-2021-43808", lastModified: "2024-11-21T06:29:50.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-08T00:15:07.683", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39906", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39908", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39909", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v6.20.42", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v7.30.6", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v8.75.0", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39906", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39908", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/laravel/framework/pull/39909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v6.20.42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v7.30.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/laravel/framework/releases/tag/v8.75.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-10 10:15
Modified
2025-03-24 14:15
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18", versionEndExcluding: "11.36.0", versionStartIncluding: "11.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.", }, { lang: "es", value: "Las versiones del framework Laravel entre 11.9.0 y 11.35.1 son susceptibles a cross-site scripting reflejado debido a una codificación incorrecta de los parámetros de solicitud en la página de error del modo de depuración.", }, ], id: "CVE-2024-13918", lastModified: "2025-03-24T14:15:59.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.8, source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-10T10:15:10.280", references: [ { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/laravel/framework/pull/53869", }, { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Release Notes", ], url: "https://github.com/laravel/framework/releases/tag/v11.36.0", }, { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Exploit", ], url: "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2025/03/10/3", }, ], sourceIdentifier: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-10 10:15
Modified
2025-03-24 14:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18", versionEndExcluding: "11.36.0", versionStartIncluding: "11.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.", }, { lang: "es", value: "Las versiones del framework Laravel entre 11.9.0 y 11.35.1 son susceptibles a cross-site scripting reflejado debido a una codificación incorrecta de los parámetros de ruta en la página de error del modo de depuración.", }, ], id: "CVE-2024-13919", lastModified: "2025-03-24T14:14:53.337", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.8, source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-10T10:15:13.890", references: [ { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/laravel/framework/pull/53869", }, { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Release Notes", ], url: "https://github.com/laravel/framework/releases/tag/v11.36.0", }, { source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", tags: [ "Exploit", ], url: "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2025/03/10/4", }, ], sourceIdentifier: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }