CVE-2022-30778

Опубликовано: 16 мая 2022

Источник: nvd

Описание

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Связанные уязвимости

GHSA-42mf-g9wr-grvh

CVSS3: 9.8

github

около 3 лет назад

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php.

BDU:2022-03374

CVSS3: 9.8

fstec

около 3 лет назад

Уязвимость реализации функций __destruct() и dispatch($command) PHP-фреймворка Laravel, позволяющая нарушителю выполнить произвольный код