logo

Database

Lack of data validation In facade/ignition

Description

Critical severity vulnerability in Ignition The Ignition page before version 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env.

NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-139092. NVD-2020-139093. OSV-2020-139094. GCVE-2020-13909

References

1. https://github.com/github/advisory-database/issues/23162. https://github.com/facade/ignition/compare/2.0.4...2.0.53. https://github.com/facade/ignition/releases/tag/2.0.54. https://www.cve.org/CVERecord?id=CVE-2020-13909

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.