Laravel RCE vulnerability in "cookie" session driver

2024-05-1522:16:52

GitHub Advisory Database

github.com

laravel

rce

vulnerability

cookie session

encryption oracle

remote code execution

encryption string

session payloads

8.2 High

AI Score

Confidence

Low

JSON

Applications using the “cookie” session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the “cookie” driver.

CPENameOperatorVersion
laravel/frameworklt7.22.4
laravel/frameworkge4.1.0
laravel/frameworklt6.18.31

Name	Operator	Version
laravel/framework	lt	7.22.4
laravel/framework	ge	4.1.0
laravel/framework	lt	6.18.31

References

blog.laravel.com/laravel-cookie-security-releases

github.com/advisories/GHSA-qm5c-m76r-2hfr

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2020-07-27-1.yaml

8.2 High

AI Score

Confidence

Low

JSON