pkg:composer/laravel/framework
Type: composer
Namespace: laravel
Name: framework
Known advisories, vulnerabilities and fixes for the framework package.
Critical: 1
Medium: 4
None: 9
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 4.0.0, < 4.0.99; >= 4.1.0, < 4.1.26 | | | PHP:LARAVEL-FRAMEWORK-2014-04-15 | Hijacked authentication cookies vulnerability | | 2014-04-15T12:19:00 (10 years ago) |
Affected | >= 4.0.0, < 4.0.99; >= 4.1.0, < 4.1.29 | | | PHP:LARAVEL-FRAMEWORK-2014-05-20 | Risk of mass-assignment vulnerabilities | | 2014-05-20T10:21:00 (10 years ago) |
Affected | >= 5.4.0, <= 5.4.36; >= 5.5.0, < 5.5.10; >= 5.1.0, <= 5.1.46; >= 4.1.26, <= 4.1.31; >= 5.3.0, <= 5.3.31; >= 4.2.0, <= 4.2.22; >= 5.0.0, <= 5.0.35; >= 5.2.0, <= 5.2.45 | | CVE-2017-14775 | PHP:LARAVEL-FRAMEWORK-2017-14775 | Timing attack vector for remember me token | medium | 2017-09-21T01:38:58 (7 years ago) |
Affected | >= 5.3.0, <= 5.3.31; >= 5.4.0, < 5.4.22 | | CVE-2017-9303 | PHP:LARAVEL-FRAMEWORK-2017-9303 | Password reset phishing vulnerability | medium | 2017-05-07T17:49:26 (7 years ago) |
Affected | >= 4.2.0, <= 4.2.22; >= 5.0.0, <= 5.0.35; >= 5.6.0, < 5.6.15; >= 5.2.0, <= 5.2.45; >= 5.5.0, < 5.5.40; >= 5.4.0, <= 5.4.36; >= 4.0.0, <= 4.0.11; >= 5.1.0, <= 5.1.46; >= 4.1.0, <= 4.1.31; >= 5.3.0, <= 5.3.31 | | | PHP:LARAVEL-FRAMEWORK-2018-03-30-1 | Exploit of encryption failure vulnerability | | 2018-03-30T13:26:38 (6 years ago) |
Affected | >= 5.3.0, <= 5.3.31; >= 5.1.0, <= 5.1.46; >= 4.1.0, <= 4.1.31; >= 5.4.0, <= 5.4.36; >= 5.5.0, < 5.5.42; >= 4.0.0, <= 4.0.11; >= 5.2.0, <= 5.2.45; >= 5.0.0, <= 5.0.35; >= 4.2.0, <= 4.2.22; >= 5.6.0, < 5.6.30 | | | PHP:LARAVEL-FRAMEWORK-2018-08-08-1 | Cookie serialization vulnerability | | 2018-08-07T18:07:12 (6 years ago) |
Affected | >= 7.0.0, < 7.1.2 | | | PHP:LARAVEL-FRAMEWORK-2020-03-13-1 | XSS vulnerability in blade templating | | 2020-03-13T13:52:44 (4 years ago) |
Affected | >= 5.4.0, <= 5.4.99999; >= 7.0.0, < 7.22.4; >= 5.7.0, <= 5.7.99999; >= 4.2.0, <= 4.2.99999; >= 5.5.0, <= 5.5.49; >= 5.6.0, <= 5.6.99999; >= 5.8.0, <= 5.8.99999; >= 5.1.0, <= 5.1.99999; >= 6.0.0, < 6.18.31; >= 5.0.0, <= 5.0.99999; >= 4.1.0, <= 4.1.99999; >= 5.3.0, <= 5.3.99999; >= 5.2.0, <= 5.2.99999 | | | PHP:LARAVEL-FRAMEWORK-2020-07-27-1 | RCE vulnerability in "cookie" session driver | | 2020-07-28T18:31:00 (4 years ago) |
Affected | >= 7.0.0, < 7.23.2; >= 6.0.0, < 6.18.34; >= 5.5.0, <= 5.5.49 | | | PHP:LARAVEL-FRAMEWORK-2020-08-06-1 | Guard bypass in Eloquent models | | 2020-08-06T14:56:00 (4 years ago) |
Affected | >= 7.0.0, < 7.30.4; >= 6.0.0, < 6.20.14; >= 8.0.0, < 8.24.0 | | | PHP:LARAVEL-FRAMEWORK-2021-01-21 | Unexpected bindings in QueryBuilder | | 2020-01-21T15:10:00 (4 years ago) |
Affected | >= 7.0.0, < 7.30.5; >= 6.0.0, < 6.20.26; >= 8.0.0, < 8.40.0 | | | PHP:LARAVEL-FRAMEWORK-2021-04-28 | SQL Server LIMIT / OFFSET SQL Injection | | 2021-04-28T13:18:19 (3 years ago) |
Affected | >= 8.0.0, < 8.22.1; >= 6.0.0, < 6.20.11; >= 7.0.0, < 7.30.2 | | CVE-2021-21263 | PHP:LARAVEL-FRAMEWORK-2021-21263 | Unexpected bindings in QueryBuilder | medium | 2020-01-13T14:37:00 (4 years ago) |
Affected | >= 8.0.0, < 8.71.0 | | CVE-2021-43617 | PHP:LARAVEL-FRAMEWORK-2021-43617 | Image upload bypass | critical | 2021-11-18T02:10:57 (2 years ago) |
Affected | < 6.20.42; >= 7.0.0, < 7.30.6; >= 8.0.0, < 8.75.0 | | CVE-2021-43808 | PHP:LARAVEL-FRAMEWORK-2021-43808 | Possible cross-site scripting (XSS) vulnerability in the Blade templating engine | medium | 2021-12-08T13:31:31 (2 years ago) |