ghsa-8vwh-pr89-4mw2
Vulnerability from github
Published
2024-12-13 20:35
Modified
2024-12-17 18:07
Severity ?
Summary
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
Details
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public remember()
method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries
trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application.
Impact
An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method that meets the following criteria:
- The callable is a function or static method
- The callable has no parameters or no strict parameter types
Vulnerable Components
- The
remember(callable $query, string $key = '')
method inLaravel\Pulse\Livewire\Concerns\RemembersQueries
- Affects all Pulse card components that use this trait
Attack Vectors
The vulnerability can be exploited through Livewire component interactions, for example:
php
wire:click="remember('\\Illuminate\\Support\\Facades\\Config::all', 'config')"
Credit
Thank you to Jeremy Angele for reporting this vulnerability.
{ "affected": [ { "package": { "ecosystem": "Packagist", "name": "laravel/pulse" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.3.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-55661" ], "database_specific": { "cwe_ids": [ "CWE-94" ], "github_reviewed": true, "github_reviewed_at": "2024-12-13T20:35:43Z", "nvd_published_at": "2024-12-13T16:15:27Z", "severity": "HIGH" }, "details": "A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public `remember()` method in the `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. \n\n### Impact\n\nAn authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method that meets the following criteria:\n\n- The callable is a function or static method\n- The callable has no parameters or no strict parameter types\n\n### Vulnerable Components\n\n- The `remember(callable $query, string $key = \u0027\u0027)` method in `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries`\n- Affects all Pulse card components that use this trait\n\n### Attack Vectors\n\nThe vulnerability can be exploited through Livewire component interactions, for example:\n\n```php\nwire:click=\"remember(\u0027\\\\Illuminate\\\\Support\\\\Facades\\\\Config::all\u0027, \u0027config\u0027)\"\n```\n\n### Credit\n\nThank you to Jeremy Angele for reporting this vulnerability.\n", "id": "GHSA-8vwh-pr89-4mw2", "modified": "2024-12-17T18:07:21Z", "published": "2024-12-13T20:35:43Z", "references": [ { "type": "WEB", "url": "https://github.com/laravel/pulse/security/advisories/GHSA-8vwh-pr89-4mw2" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55661" }, { "type": "WEB", "url": "https://github.com/laravel/pulse/commit/d1a5bf2eca36c6e3bedb4ceecd45df7d002a1ebc" }, { "type": "PACKAGE", "url": "https://github.com/laravel/pulse" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "Laravel Pulse Allows Remote Code Execution via Unprotected Query Method" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.