Laravel RCE vulnerability in "cookie" session driver

2024-05-1522:16:52

Google

osv.dev

laravel

rce

vulnerability

session driver

encryption oracle

remote code execution

application

encryption string

plain-text

session payload

8.2 High

AI Score

Confidence

Low

JSON

Applications using the “cookie” session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the “cookie” driver.

CPENameOperatorVersion
laravel/frameworkeq5.8.18
laravel/frameworkeq5.2.44
laravel/frameworkeq7.16.0
laravel/frameworkeq5.1.7
laravel/frameworkeq4.1.12
laravel/frameworkeq5.1.28
laravel/frameworkeq5.6.5
laravel/frameworkeq5.5.19
laravel/frameworkeq7.3.0
laravel/frameworkeq5.0.8

Name	Operator	Version
laravel/framework	eq	5.8.18
laravel/framework	eq	5.2.44
laravel/framework	eq	7.16.0
laravel/framework	eq	5.1.7
laravel/framework	eq	4.1.12
laravel/framework	eq	5.1.28
laravel/framework	eq	5.6.5
laravel/framework	eq	5.5.19
laravel/framework	eq	7.3.0
laravel/framework	eq	5.0.8

Rows per page:

1-10 of 5341

References

blog.laravel.com/laravel-cookie-security-releases

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2020-07-27-1.yaml

github.com/laravel/framework

8.2 High

AI Score

Confidence

Low

JSON