GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution RCE via an unserialized pop chain in destruct in...

Remote Code Execution (RCE)

laravel/framework is vulnerable to remote code execution. The vulnerability exists in the destruct function in PendingBroadcast.php due to insecure deserialization of trusted data which allows an attacker to inject maliciously crafted script into the system...