Laravel — веб-фреймворк с открытым кодом, предназначенный для разработки с использованием архитектурной модели MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 39
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic ...
GHSA-c7rm-w2hj-x8g3
Guard bypass in Eloquent models affecting Laravel illuminate database component
GHSA-rc8x-jrrc-frfv
Laravel does not properly constrain the host portion of a password-reset URL
GHSA-c2v7-j5gq-wcq4
Laravel Sensitive Data Exposure
GHSA-2v4r-7m2m-5chh
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
GHSA-qvqm-h22r-4cp9
Laravel Framework RCE Vulnerability
BDU:2022-03374
Уязвимость реализации функций __destruct() и dispatch($command) PHP-фреймворка Laravel, позволяющая нарушителю выполнить произвольный код
BDU:2021-06021
Уязвимость PHP-фреймворка Laravel, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю выполнить произвольный код
GHSA-w68r-5p45-5rqp
Improper Input Validation in Laravel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-2870 A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability. | CVSS3: 4.1 | 0% Низкий | больше 3 лет назад |
| CVE-2022-2870 A vulnerability was found in laravel 5.1 and classified as problematic ... | CVSS3: 4.1 | 0% Низкий | больше 3 лет назад |
| GHSA-c7rm-w2hj-x8g3 Guard bypass in Eloquent models affecting Laravel illuminate database component | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-rc8x-jrrc-frfv Laravel does not properly constrain the host portion of a password-reset URL | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-c2v7-j5gq-wcq4 Laravel Sensitive Data Exposure | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад |
| GHSA-2v4r-7m2m-5chh In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework. | CVSS3: 7.5 | 89% Высокий | больше 3 лет назад |
| GHSA-qvqm-h22r-4cp9 Laravel Framework RCE Vulnerability | CVSS3: 8.1 | 86% Высокий | больше 3 лет назад |
 | BDU:2022-03374 Уязвимость реализации функций __destruct() и dispatch($command) PHP-фреймворка Laravel, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | больше 3 лет назад | |
| BDU:2021-06021 Уязвимость PHP-фреймворка Laravel, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 53% Средний | около 4 лет назад |
| GHSA-w68r-5p45-5rqp Improper Input Validation in Laravel | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу