CVE-2020-24940

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.

GHSA-c7rm-w2hj-x8g3

Guard bypass in Eloquent models affecting Laravel illuminate database component