Metrics
Affected Vendors & Products
Sat, 21 Dec 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Wed, 13 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Laravel
Laravel framework |
|
CPEs | cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:* | |
Vendors & Products |
Laravel
Laravel framework |
|
Metrics |
cvssV3_1
|
Tue, 12 Nov 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs. | |
Title | Laravel allows environment manipulation via query string | |
Weaknesses | CWE-88 | |
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-12T19:32:14.415Z
Updated: 2024-12-21T17:02:39.839Z
Reserved: 2024-11-06T19:00:26.396Z
Link: CVE-2024-52301
Updated: 2024-12-21T17:02:39.839Z
Status : Awaiting Analysis
Published: 2024-11-12T20:15:14.087
Modified: 2024-12-21T17:15:18.207
Link: CVE-2024-52301
No data.