CVE-2021-21263

🗓️ 19 Jan 2021 19:40:18Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 151 Views

Laravel web framework before 6.20.11, 7.30.2, 8.22.1 is vulnerable to query binding exploitation

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2021-21263	19 Jan 202122:25	–	circl
CNNVD	Laravel Framework SQL Injection Vulnerability	19 Jan 202100:00	–	cnnvd
Cvelist	CVE-2021-21263 Query Binding Exploitation in Laravel	19 Jan 202119:40	–	cvelist
Debian CVE	CVE-2021-21263	19 Jan 202119:40	–	debiancve
EUVD	EUVD-2021-0484	7 Oct 202500:30	–	euvd
Friends Of PHP	Unexpected bindings in QueryBuilder	13 Jan 202014:35	–	friendsofphp
Friends Of PHP	Unexpected bindings in QueryBuilder	13 Jan 202014:35	–	friendsofphp
Github Security Blog	Query Binding Exploitation	19 Jan 202119:36	–	github
NVD	CVE-2021-21263	19 Jan 202120:15	–	nvd
OSV	BIT-LARAVEL-2021-21263 Query Binding Exploitation in Laravel	6 Mar 202410:55	–	osv

NVD

Vulners

Node

laravel laravelRange6.0.0–6.20.11

laravel laravelRange7.0.0–7.30.2

laravel laravelRange8.0.0–8.22.1

[
  {
    "product": "framework",
    "vendor": "laravel",
    "versions": [
      {
        "status": "affected",
        "version": ">= 6.0.0, < 6.20.11"
      },
      {
        "status": "affected",
        "version": ">= 7.0.0, < 7.30.2"
      },
      {
        "status": "affected",
        "version": ">= 8.0.0, < 8.22.1"
      }
    ]
  }
]

Source	Link
packagist	www.packagist.org/packages/laravel/framework
packagist	www.packagist.org/packages/illuminate/database
github	www.github.com/laravel/framework/pull/35865
github	www.github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
blog	www.blog.laravel.com/security-laravel-62011-7302-8221-released

21 Nov 2024 05:47Current

5.3Medium risk

Vulners AI Score5.3

CVSS 25

CVSS 3.15.3 - 7.2

EPSS0.01139