laravel/framework is vulnerable to remote code execution (RCE). It can occur because there is an unserialized call on the potentially untrusted X-XSRF-TOKEN
value. The attacker can execute arbitrary code when decrypting certain files if they have access to the application key.