Laravel — веб-фреймворк с открытым кодом, предназначенный для разработки с использованием архитектурной модели MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 38
BDU:2025-02575
Уязвимость режима Debug Mode PHP-фреймворка Laravel, позволяющая нарушителю проводить межсайтовые сценарные атаки
BDU:2024-10010
Уязвимость конфигурации register_argc_argv = On PHP-фреймворка Laravel, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
BDU:2024-03797
Уязвимость PHP-фреймворка Laravel, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-5hq5-9pj6-4c2r
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
CVE-2021-28254
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
GHSA-7236-phg4-48mj
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.
CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.
CVE-2022-2886
A vulnerability, which was classified as critical, was found in Larave ...
GHSA-g4q4-r6rr-r4w2
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-02575 Уязвимость режима Debug Mode PHP-фреймворка Laravel, позволяющая нарушителю проводить межсайтовые сценарные атаки | CVSS3: 8 | 0% Низкий | 7 месяцев назад |
| BDU:2024-10010 Уязвимость конфигурации register_argc_argv = On PHP-фреймворка Laravel, позволяющая нарушителю оказать воздействие на целостность защищаемой информации | CVSS3: 7.5 | 10% Низкий | 7 месяцев назад |
| BDU:2024-03797 Уязвимость PHP-фреймворка Laravel, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 3.5 | 8% Низкий | около 1 года назад |
| GHSA-5hq5-9pj6-4c2r A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | CVSS3: 9.8 | 0% Низкий | около 2 лет назад |
 | CVE-2021-28254 A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | CVSS3: 9.8 | 0% Низкий | около 2 лет назад |
| GHSA-7236-phg4-48mj A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688. | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
| CVE-2022-2886 A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688. | CVSS3: 5 | 0% Низкий | почти 3 года назад |
| CVE-2022-2886 A vulnerability, which was classified as critical, was found in Larave ... | CVSS3: 5 | 0% Низкий | почти 3 года назад |
| GHSA-g4q4-r6rr-r4w2 A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability. | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
| CVE-2022-2870 A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability. | CVSS3: 4.1 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу