7 matches found
Remote Code Execution (RCE)
laravel/framework is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by an encryption oracle exposed by applications using the "cookie" session driver, allowing attackers to craft Laravel session payloads by generating valid signed encryption strings for any plain-text string...
GHSA-QM5C-M76R-2HFR Laravel RCE vulnerability in "cookie" session driver
Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the use...
GHSA-2FFV-R4R9-R8XR Laravel RCE vulnerability in "cookie" session driver
Applications using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie"...
Laravel RCE vulnerability in "cookie" session driver
Applications using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie"...
PT-2024-40434 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel (affected versions not specified). Description: The issue concerns applications that use the "cookie" session driver and expose an encryption oracle, allowing for remote code execution. An encryption oracle is a mechanism where arbitrary...
RCE vulnerability in "cookie" session driver
More info at https://blog.laravel.com/laravel-cookie-security-releases...
RCE vulnerability in "cookie" session driver
More info at https://blog.laravel.com/laravel-cookie-security-releases...