Framework@8.0.0 Security Vulnerabilities and Issues — Framework@8.0.0 CVE List

Lucene search

LaravelFramework8.0.0

3 matches found

CVE•added 2024/11/12 8:15 p.m.•398 views

CVE-2024-52301

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, ...

8.7CVSS6.8AI score0.18401EPSS

Web

CVE•added 2021/12/08 12:15 a.m.•99 views

CVE-2021-43808

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is ...

6.1CVSS5.4AI score0.00359EPSS

CVE•added 2023/04/25 7:15 p.m.•80 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user...

5.3CVSS5.3AI score0.00298EPSS