Laravel: >> Laravel >> 5.5.47 Security Vulnerabilities
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2021-01-12
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-04
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-04