PT-2021-14371 · Laravel · Laravel

Tim Groenevelt · Published 2021-01-19 · Updated 2024-03-06 · CVE-2021-21263

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Laravel versions prior to 6.20.11
Laravel versions prior to 7.30.2
Laravel versions prior to 8.22.1
Description: The issue concerns a query binding exploitation in Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. This could lead to no results being returned by the query builder or, in certain situations, cause the query to return unexpected results.
Recommendations: Update to a fixed release of the major version in use: 6.20.11 or later for versions prior to 6.20.11, 7.30.2 or later for versions prior to 7.30.2, and 8.22.1 or later for versions prior to 8.22.1. As a temporary workaround, validate request input and cast it to its expected type before passing it to the query builder, so that an array can never reach a method that expects a scalar value.
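As an added illustration (not code from the advisory or from the Laravel project) of the request shape the description refers to and of the validate-and-cast workaround, the stand-alone PHP script below shows how PHP's own query-string parsing turns a scalar field into an array, and uses a hypothetical `requireIntField` helper to reject or cast the value before it would reach the query builder. In a Laravel application the framework's request validation (for example an `integer` rule on the field) serves the same purpose.

```php
<?php
// Added example, not part of the advisory or of Laravel itself.
declare(strict_types=1);

// PHP's query-string parser: "id[]=1&id[]=2" yields an array for "id",
// which is the shape that produced an unexpected number of bindings in
// affected versions when passed straight to where('id', $value).
function parseQuery(string $qs): array
{
    parse_str($qs, $params);
    return $params;
}

// Hypothetical helper: returns the field as an int, or null when the field
// is missing, is not a scalar, or is not an integer literal. Callers treat
// null as a validation failure and never build a query from it.
function requireIntField(array $input, string $field): ?int
{
    if (!array_key_exists($field, $input)) {
        return null;
    }
    $value = $input[$field];
    if (!is_scalar($value)) {
        return null;                      // arrays and objects are rejected outright
    }
    $value = (string) $value;
    if (!preg_match('/^-?\d+$/', $value)) {
        return null;
    }
    return (int) $value;                  // the builder now receives exactly one scalar binding
}

// Constructed crafted request: a field that is normally scalar arrives as an array.
$crafted = parseQuery('id[]=1&id[]=2');
var_dump($crafted['id']);                 // array(2) { [0]=> "1", [1]=> "2" }

// Vulnerable shape (illustration only, do not copy):
//   DB::table('users')->where('id', $crafted['id'])->first();
// Hardened shape: validate and cast first, then hand the int to the builder.
var_dump(requireIntField($crafted, 'id'));                 // NULL  -> reject the request
var_dump(requireIntField(parseQuery('id=42'), 'id'));      // int(42)
var_dump(requireIntField(parseQuery('id=42abc'), 'id'));   // NULL
```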

Weakness Enumeration

SQL injection
Special Elements Injection

Related Identifiers

BIT-LARAVEL-2021-21263
CVE-2021-21263
GHSA-3P32-J457-PG5X

Affected Products

Laravel