CVE-2024-52301

Sažetak

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Reference

https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
https://lists.debian.org/debian-lts-announce/2024/12/msg00019.html

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-12-2024 - 17:15

Objavljeno

12-11-2024 - 20:15