CVE-2024-52301

Published: Nov 12, 2024

Modified: Dec 21, 2024

PUBLISHED

Description

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Vendor	Product	Versions
laravel	framework	affected `< 6.20.45` affected `>= 7.0.0, < 7.30.7` affected `>= 8.0.0, < 8.83.28` affected `>= 9.0.0, < 9.52.17` affected `>= 10.0.0, < 10.48.23` +1 more versions

Weaknesses (CWE)

CWE-88

References

https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-52301

Description

Affected Products

Weaknesses (CWE)

References