Lucene search

VulDBCVE-2022-2886

HistoryAug 19, 2022 - 12:15 p.m.

CVE-2022-2886

2022-08-1912:15:08

CWE-502

VulDB

web.nvd.nist.gov

security

vulnerability

laravel 5.1

deserialization

cve-2022-2886

nvd

vdb-206688

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.

Affected configurations

Nvd

Vulners

Node

laravellaravelRange5.1.0–5.1.46

VendorProductVersionCPE
laravellaravel*cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
laravel	laravel	*	cpe:2.3:a:laravel:laravel::::::::

CNA Affected

[
  {
    "product": "Laravel",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      }
    ]
  }
]

References

github.com/beicheng-maker/vulns/issues/3

vuldb.com/?id.206688

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

Related for CVE-2022-2886