Lucene search

VulDBCVELIST:CVE-2022-2886

HistoryAug 19, 2022 - 12:00 p.m.

CVE-2022-2886 Laravel deserialization

2022-08-1912:00:17

CWE-502

VulDB

www.cve.org

cve-2022-2886

laravel

deserialization

critical

vulnerability

remote attack

disclosure

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.

CNA Affected

[
  {
    "product": "Laravel",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      }
    ]
  }
]

References

github.com/beicheng-maker/vulns/issues/3

vuldb.com/?id.206688