
exploitDog


GHSA-86r3-4gq8-xw8q

Published: 09 Apr 2022
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Remote Code Execution in Laravel

Withdrawn

This advisory has been withdrawn because it is not a security issue and the CVE has been revoked.

Original Description

A Remote Code Execution (RCE) vulnerability exists in Laravel 5.8.38 via an unserialize POP chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

Packages

Name: laravel/laravel
Ecosystem: composer
Affected versions: <= 5.8.38
Fixed version: None

9.8 Critical

CVSS3

Weaknesses

CWE-502

Related vulnerabilities

ubuntu
almost 4 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

nvd
almost 4 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
