Описание
Guard bypass in Eloquent models affecting Laravel illuminate database component
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment.
Пакеты
Наименование
illuminate/database
composer
Затронутые версииВерсия исправления
>= 5.5.0, <= 5.5.44
Отсутствует
Наименование
illuminate/database
composer
Затронутые версииВерсия исправления
>= 6.0.0, < 6.18.34
6.18.34
Наименование
illuminate/database
composer
Затронутые версииВерсия исправления
>= 7.0.0, < 7.23.2
7.23.2
Связанные уязвимости
CVSS3: 7.5
nvd
почти 5 лет назад
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
CVSS3: 7.5
debian
почти 5 лет назад
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...