3 matches found
CVE-2021-3129
CVE-2021-3129 affects Laravel Ignition (and Laravel < 8.4.2), where insecure use of file_get_contents()/file_put_contents() in debug mode allows unauthenticated RCE. Exploitable versions: Laravel Ignition < 2.5.2 and Laravel
CVE-2020-13909
The Ignition component for Laravel is affected by CVE-2020-13909 (and related CVE-2021-43996). Root cause: the “fix variable names” feature can cause incorrect access control by mishandling certain globals/variables, leading to elevation of privilege. Affected versions include pre-2.0.5 and pre-2.0...
CVE-2021-43996
CVE-2021-43996 concerns the Laravel Ignition component. The issue is that the built-in “fix variable names” feature in Ignition prior to version 1.16.15, and in the 2.0.x branch prior to 2.0.6, can lead to incorrect access control. Affected versions are: Laravel Ignition before 1.16.15, and 2.0.x...