CVE-2021-43617

Name of the Vulnerable Software and Affected Versions Laravel Framework versions through 8.70.2

Description The issue is related to the insufficient blocking of executable PHP content uploads. Specifically, Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. This may be related to file-type validation for image upload, including differences between getClientOriginalExtension and other approaches. The vulnerability could allow a remote attacker to execute arbitrary code.

Recommendations For Laravel Framework versions through 8.70.2, consider disabling the file upload functionality until a proper fix is applied, focusing on enhancing the validation for .phar files and ensuring proper handling of application/x-httpd-php files. Additionally, review and enhance file-type validation for image uploads to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.