8 matches found
GHSA-44PG-C29V-HP6R Laravel Guard bypass in Eloquent models
In Laravel releases before 6.18.34 and 7.23.2, it was possible to mass assign Eloquent attributes that included the model's table name: `$model->fill(['users.name' => 'Taylor']);` When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...
Laravel Guard bypass in Eloquent models
In Laravel releases before 6.18.34 and 7.23.2, it was possible to mass assign Eloquent attributes that included the model's table name: `$model->fill(['users.name' => 'Taylor']);` When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...
Laravel SQL injection vulnerability
Laravel is a web application framework from the Laravel community. A security vulnerability exists in laravel-jqgrid, which stems from a problem with the function getRows in the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php, which can lead to SQL injection...
GHSA-C7RM-W2HJ-X8G3 Guard bypass in Eloquent models affecting Laravel illuminate database component
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment...
Guard bypass in Eloquent models affecting Laravel illuminate database component
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment...
Denial Of Service (DoS)
laravel/laravel is vulnerable to denial of service (DoS). It is possible because it allows mass assignment of Eloquent attributes that included the model's table name...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...