GHSA-w3g5-5333-vj8w

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-30779
https://github.com/1nhann/vulns/issues/2

9.8 Critical

CVSS3

CVE ID

CVE-2022-30779

Дефекты

CWE-502

Связанные уязвимости

CVE-2022-30779

nvd

больше 3 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

9.8 Critical

CVSS3

CVE ID

CVE-2022-30779

Дефекты

CWE-502