GHSA-qm5c-m76r-2hfr – laravel/framework

Package

Manager: composer
Name: laravel/framework
Vulnerable Version: >=4.1.0 <6.18.31 || >=7.0.0 <7.22.4

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: N/A pctlN/A

Details

Laravel RCE vulnerability in "cookie" session driver Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the "cookie" driver.

Metadata

Created: 2024-05-15T22:16:52Z
Modified: 2024-05-15T22:16:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-qm5c-m76r-2hfr/GHSA-qm5c-m76r-2hfr.json
CWE IDs: []
Alternative ID: N/A
Finding: F052
Auto approve: 1