PT-2023-12125 · Laravel · Laravel

S1Mple

Publicado

2023-04-18

Atualizado

2024-03-06

CVE-2021-28254

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Laravel version 8.5.9

Description A deserialization vulnerability in the destruct() function allows attackers to execute arbitrary commands.

Recommendations For Laravel version 8.5.9, consider disabling the destruct() function until a patch is available.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

BIT-LARAVEL-2021-28254

CVE-2021-28254

Laravel