Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-43617

Опубликовано: 14 нояб. 2021
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5
CVSS3: 9.8

Описание

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

РелизСтатусПримечание
hirsute

ignored

end of life
trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-43617

CVSS3: 9.8
nvd
больше 3 лет назад

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

debian логотип

CVE-2021-43617

CVSS3: 9.8
debian
больше 3 лет назад

Laravel Framework through 8.70.2 does not sufficiently block the uploa ...

github логотип

GHSA-364w-9g92-3grq

github
больше 3 лет назад

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

fstec логотип

BDU:2021-06021

CVSS3: 9.8
fstec
больше 3 лет назад

Уязвимость PHP-фреймворка Laravel, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю выполнить произвольный код

7.5 High

CVSS2

9.8 Critical

CVSS3