17 matches found
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
Deserialization of Untrusted Data
Overview laravel/reverb is a provider of a real-time WebSocket communication backend for Laravel applications. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in PusherPubSubIncomingMessageHandler.php. An attacker can execute...
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524 Laravel Redis Horizontal Scaling Insecure Deserialization
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524 Laravel Redis Horizontal Scaling Insecure Deserialization
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524
Laravel Reverb (laravel/reverb) prior to v1.7.0 is exposed to Remote Code Execution when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true) because data from the Redis channel is deserialized with PHP unserialize() without class restrictions. Affected versions are v1.6.3 and below; vulne...
GHSA-M27R-M6RX-MHM4 Laravel Redis Horizontal Scaling Insecure Deserialization
Impact This vulnerability affects Laravel Reverb versions prior to v1.7.0 when horizontal scaling is enabled REVERBSCALINGENABLED=true. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication. With horizontal scaling enabled, Reverb...
PT-2026-3792
Name of the Vulnerable Software and Affected Versions Laravel Reverb versions 1.6.3 and below Description Laravel Reverb, a real-time WebSocket communication backend for Laravel applications, has an issue where it passes data from the Redis channel directly into PHP’s unserialize function without...
Laravel Reverb code issue vulnerabilities
Laravel Reverb is a library open sourced from The Laravel Framework. It brings real-time WebSocket communication to Laravel applications. Versions of Laravel Reverb 1.6.3 and earlier have code vulnerabilities; these vulnerabilities stem from the direct transmission of data to the deserialization...
EUVD-2024-3098
Malicious code in bioql PyPI...
Signature Verification Bypass
laravel/reverb is vulnerable to a verification signature bypass. The vulnerability is due to missing verification of request signatures for the Pusher-compatible API endpoints, allows unauthorized requests to bypass security checks and potentially access sensitive functionality...
Insufficient Verification of Data Authenticity
Overview laravel/reverb is a provider of a real-time WebSocket communication backend for Laravel applications. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the verification of API signatures. An attacker can manipulate the API by sendi...
CVE-2024-50347 Laravel Reverb has Missing API Signature Verification
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
CVE-2024-50347
Laravel Reverb prior to 1.4.0 has a verification signature issue affecting the Pusher-compatible API endpoints (not the WebSocket connections). The vulnerability allows an attacker to submit requests with forged/unverified signatures, potentially influencing endpoints such as POST /events, GET /c...
CVE-2024-50347 Laravel Reverb has Missing API Signature Verification
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
Laravel Reverb 数据伪造问题漏洞
Laravel Reverb is an open source library for The Laravel Framework. It brings real-time WebSocket communication to Laravel applications. A data forgery issue vulnerability exists in Laravel Reverb versions prior to 1.4.0, which stems from a failure to validate the authentication signature of...