Описание
Unserialized Pop Chain in Laravel
Withdrawn
This advisory has been withdrawn because it is not a security issue and the CVE has been revoked.
Original Description
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.
Пакеты
Наименование
laravel/laravel
composer
Затронутые версииВерсия исправления
<= 9.1.8
Отсутствует
Связанные уязвимости
nvd
больше 3 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none