Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-43617

Опубликовано: 14 нояб. 2021
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 7.5
CVSS3: 9.8

Описание

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

РелизСтатусПримечание
hirsute

ignored

end of life
trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.50067
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-43617

CVSS3: 9.8
nvd
около 4 лет назад

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

debian логотип

CVE-2021-43617

CVSS3: 9.8
debian
около 4 лет назад

Laravel Framework through 8.70.2 does not sufficiently block the uploa ...

github логотип

GHSA-364w-9g92-3grq

github
около 4 лет назад

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

fstec логотип

BDU:2021-06021

CVSS3: 9.8
fstec
около 4 лет назад

Уязвимость PHP-фреймворка Laravel, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%
0.50067
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3