2 matches found
CVE-2021-3129
CVE-2021-3129 affects Laravel Ignition (and Laravel < 8.4.2) where insecure use of file_get_contents()/file_put_contents in debug mode allows unauthenticated RCE. Exploitable versions: Laravel Ignition < 2.5.2 and Laravel
CVE-2021-43996
CVE-2021-43996 concerns the Laravel Ignition component. The issue is that the built-in “fix variable names” feature in Ignition prior to version 1.16.15, and in the 2.0.x branch prior to 2.0.6, can lead to incorrect access control. Affected versions are: Laravel Ignition before 1.16.15, and 2.0.x...