CVE-2020-24940

Опубликовано: 04 сент. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.

Ссылки

https://blog.laravel.com/security-release-laravel-61834-7232
Vendor Advisory
https://blog.laravel.com/security-release-laravel-61834-7232
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*

Версия до 6.18.34 (исключая)

cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.23.2 (исключая)

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-24940

CVSS3: 7.5

debian

почти 5 лет назад

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...

GHSA-c7rm-w2hj-x8g3

CVSS3: 7.5

github

около 3 лет назад

Guard bypass in Eloquent models affecting Laravel illuminate database component

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20