- Description
- In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Laravel Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Jan 16, 2024
- Exploit action due
- Feb 6, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C67AD9D-B8EB-44C4-A077-2FB1F8538156",
"versionEndIncluding": "5.5.40"
},
{
"criteria": "cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BC58BB2-5958-45FB-ABB9-0E1AC2B62831",
"versionEndIncluding": "5.6.29",
"versionStartIncluding": "5.6.0"
}
],
"operator": "OR"
}
]
}
]