CVE-2022-30778

Name of the Vulnerable Software and Affected Versions Laravel version 9.1.8

Description The issue is related to the implementation of the destruct() function and the dispatch($command) method in the Laravel PHP framework, which is connected to weaknesses in the deserialization mechanism. This can allow a remote attacker to execute arbitrary code by exploiting the vulnerability through an unserialize pop chain in destruct in IlluminateBroadcastingPendingBroadcast.php and dispatch($command) in IlluminateBusQueueingDispatcher.php.

Recommendations For Laravel version 9.1.8, update to a version that includes a fix for this issue to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.