Framework Security Vulnerabilities and Issues — Framework CVE List

Lucene search

LaravelFramework

4 matches found

CVE•added 2021/01/19 8:15 p.m.•140 views

CVE-2021-21263

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an a...

7.2CVSS5.3AI score0.02179EPSS

CVE•added 2021/11/14 4:15 p.m.•119 views

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Larav...

9.8CVSS9.4AI score0.50067EPSS

CVE•added 2021/12/08 12:15 a.m.•94 views

CVE-2021-43808

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is ...

6.1CVSS5.4AI score0.00359EPSS

CVE•added 2021/12/20 8:15 p.m.•89 views

CVE-2020-19316

OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.

8.8CVSS8.8AI score0.04286EPSS