pkg:composer/laravel/framework

Type composer
Namespace laravel
Name framework

Known advisories, vulnerabilities and fixes for the framework package.

Repository
https://packagist.org/packages/laravel/framework
Critical 1
Medium 4
None 9
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | >= 4.0.0, < 4.0.99; >= 4.1.0, < 4.1.26 | | | composer PHP:LARAVEL-FRAMEWORK-2014-04-15 | Hijacked authentication cookies vulnerability | | 2014-04-15T12:19:00 (10 years ago) |
| Affected | >= 4.0.0, < 4.0.99; >= 4.1.0, < 4.1.29 | | | composer PHP:LARAVEL-FRAMEWORK-2014-05-20 | Risk of mass-assignment vulnerabilities | | 2014-05-20T10:21:00 (10 years ago) |
| Affected | >= 5.4.0, <= 5.4.36; >= 5.5.0, < 5.5.10; >= 5.1.0, <= 5.1.46; >= 4.1.26, <= 4.1.31; >= 5.3.0, <= 5.3.31; >= 4.2.0, <= 4.2.22; >= 5.0.0, <= 5.0.35; >= 5.2.0, <= 5.2.45 | | CVE-2017-14775 | composer PHP:LARAVEL-FRAMEWORK-2017-14775 | Timing attack vector for remember me token | medium | 2017-09-21T01:38:58 (7 years ago) |
| Affected | >= 5.3.0, <= 5.3.31; >= 5.4.0, < 5.4.22 | | CVE-2017-9303 | composer PHP:LARAVEL-FRAMEWORK-2017-9303 | Password reset phishing vulnerability | medium | 2017-05-07T17:49:26 (7 years ago) |
| Affected | >= 4.2.0, <= 4.2.22; >= 5.0.0, <= 5.0.35; >= 5.6.0, < 5.6.15; >= 5.2.0, <= 5.2.45; >= 5.5.0, < 5.5.40; >= 5.4.0, <= 5.4.36; >= 4.0.0, <= 4.0.11; >= 5.1.0, <= 5.1.46; >= 4.1.0, <= 4.1.31; >= 5.3.0, <= 5.3.31 | | | composer PHP:LARAVEL-FRAMEWORK-2018-03-30-1 | Exploit of encryption failure vulnerability | | 2018-03-30T13:26:38 (6 years ago) |
| Affected | >= 5.3.0, <= 5.3.31; >= 5.1.0, <= 5.1.46; >= 4.1.0, <= 4.1.31; >= 5.4.0, <= 5.4.36; >= 5.5.0, < 5.5.42; >= 4.0.0, <= 4.0.11; >= 5.2.0, <= 5.2.45; >= 5.0.0, <= 5.0.35; >= 4.2.0, <= 4.2.22; >= 5.6.0, < 5.6.30 | | | composer PHP:LARAVEL-FRAMEWORK-2018-08-08-1 | Cookie serialization vulnerability | | 2018-08-07T18:07:12 (6 years ago) |
| Affected | >= 7.0.0, < 7.1.2 | | | composer PHP:LARAVEL-FRAMEWORK-2020-03-13-1 | XSS vulnerability in blade templating | | 2020-03-13T13:52:44 (4 years ago) |
| Affected | >= 5.4.0, <= 5.4.99999; >= 7.0.0, < 7.22.4; >= 5.7.0, <= 5.7.99999; >= 4.2.0, <= 4.2.99999; >= 5.5.0, <= 5.5.49; >= 5.6.0, <= 5.6.99999; >= 5.8.0, <= 5.8.99999; >= 5.1.0, <= 5.1.99999; >= 6.0.0, < 6.18.31; >= 5.0.0, <= 5.0.99999; >= 4.1.0, <= 4.1.99999; >= 5.3.0, <= 5.3.99999; >= 5.2.0, <= 5.2.99999 | | | composer PHP:LARAVEL-FRAMEWORK-2020-07-27-1 | RCE vulnerability in "cookie" session driver | | 2020-07-28T18:31:00 (4 years ago) |
| Affected | >= 7.0.0, < 7.23.2; >= 6.0.0, < 6.18.34; >= 5.5.0, <= 5.5.49 | | | composer PHP:LARAVEL-FRAMEWORK-2020-08-06-1 | Guard bypass in Eloquent models | | 2020-08-06T14:56:00 (4 years ago) |
| Affected | >= 7.0.0, < 7.30.4; >= 6.0.0, < 6.20.14; >= 8.0.0, < 8.24.0 | | | composer PHP:LARAVEL-FRAMEWORK-2021-01-21 | Unexpected bindings in QueryBuilder | | 2020-01-21T15:10:00 (4 years ago) |
| Affected | >= 7.0.0, < 7.30.5; >= 6.0.0, < 6.20.26; >= 8.0.0, < 8.40.0 | | | composer PHP:LARAVEL-FRAMEWORK-2021-04-28 | SQL Server LIMIT / OFFSET SQL Injection | | 2021-04-28T13:18:19 (3 years ago) |
| Affected | >= 8.0.0, < 8.22.1; >= 6.0.0, < 6.20.11; >= 7.0.0, < 7.30.2 | | CVE-2021-21263 | composer PHP:LARAVEL-FRAMEWORK-2021-21263 | Unexpected bindings in QueryBuilder | medium | 2020-01-13T14:37:00 (4 years ago) |
| Affected | >= 8.0.0, < 8.71.0 | | CVE-2021-43617 | composer PHP:LARAVEL-FRAMEWORK-2021-43617 | Image upload bypass | critical | 2021-11-18T02:10:57 (2 years ago) |
| Affected | < 6.20.42; >= 7.0.0, < 7.30.6; >= 8.0.0, < 8.75.0 | | CVE-2021-43808 | composer PHP:LARAVEL-FRAMEWORK-2021-43808 | Possible cross-site scripting (XSS) vulnerability in the Blade templating engine | medium | 2021-12-08T13:31:31 (2 years ago) |