Lucene search
GoogleOSV:CVE-2021-43617HistoryNov 14, 2021 - 4:15 p.m.
CVE-2021-43617
2021-11-1416:15:08
Google
osv.dev
3
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
References
github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333
salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6
salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8
Related
cnvd
cnvd
Laravel Framework has an unspecified vulnerability
2021-11-16 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2021-11-15 10:17:49
ubuntucve
ubuntucve
CVE-2021-43617
2021-11-14 00:00:00
friendsofphp
friendsofphp
Image upload bypass
2021-11-18 02:10:57
cve
cve
CVE-2021-43617
2021-11-14 16:15:08
prion
prion
Input validation
2021-11-14 16:15:00
githubexploit
githubexploit
debiancve
debiancve
CVE-2021-43617
2021-11-14 16:15:08
cvelist
cvelist
CVE-2021-43617
2021-11-14 15:32:39
nvd
nvd
CVE-2021-43617
2021-11-14 16:15:08
github
github