laravel/framework Security Advisories for v6.18.7 (8)
-
[CRITICAL] Laravel Framework Deserialization Vulnerability
PKSA-dpt9-7cmv-dk65 CVE-2019-9081 GHSA-pfg4-p438-p874
Affected version: >=5.7.0,<6.20.44
Reported by:
GitHub -
[HIGH] Improper Input Validation in Laravel
PKSA-7ywf-hktb-jkn9 CVE-2020-24941 GHSA-w68r-5p45-5rqp
Affected version: >=7.0.0,<7.24.0|<6.18.35
Reported by:
GitHub -
SQL Server LIMIT / OFFSET SQL Injection
Affected version: >=6.0.0,<6.20.26|>=7.0.0,<7.30.5|>=8.0.0,<8.40.0
Reported by:
FriendsOfPHP/security-advisories -
Unexpected bindings in QueryBuilder
Affected version: >=6.0.0,<6.20.14|>=7.0.0,<7.30.4|>=8.0.0,<8.24.0
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
PKSA-njrm-6dtg-m2pc CVE-2021-43808 GHSA-66hf-2p6w-jqfw
Affected version: <6.20.42|>=7.0.0,<7.30.6|>=8.0.0,<8.75.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Guard bypass in Eloquent models
Affected version: >=5.5.0,<=5.5.49|>=6.0.0,<6.18.34|>=7.0.0,<7.23.2
Reported by:
FriendsOfPHP/security-advisories -
RCE vulnerability in "cookie" session driver
Affected version: >=4.1.0,<=4.1.99999|>=4.2.0,<=4.2.99999|>=5.0.0,<=5.0.99999|>=5.1.0,<=5.1.99999|>=5.2.0,<=5.2.99999|>=5.3.0,<=5.3.99999|>=5.4.0,<=5.4.99999|>=5.5.0,<=5.5.49|>=5.6.0,<=5.6.99999|>=5.7.0,<=5.7.99999|>=5.8.0,<=5.8.99999|>=6.0.0,<6.18.31|>=7.0.0,<7.22.4
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Unexpected bindings in QueryBuilder
PKSA-985r-hryy-555b CVE-2021-21263 GHSA-3p32-j457-pg5x
Affected version: >=6.0.0,<6.20.11|>=7.0.0,<7.30.2|>=8.0.0,<8.22.1
Reported by:
GitHub, FriendsOfPHP/security-advisories