- Snyk ID SNYK-PHP-LARAVELFRAMEWORK-174581
- published 5 May 2019
- disclosed 9 Aug 2018
- credit Unknown
How to fix?
Upgrade laravel/framework to version 5.6.30, 5.5.41 or higher.
laravel/framework is a PHP framework for web artisans.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). It might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
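The pattern described above, as an added example (not Laravel's code and not taken from the advisory): a decrypted token passed to unserialize(), next to two hardened ways of reading it. The Probe class, the seal_token/open_token helpers, the token layout and the key are all constructed for illustration.

```php
<?php
// Added illustration. The token layout below is an assumption, not Laravel's payload format.
final class Probe                      // hypothetical class with a destructor side effect
{
    public static $fired = 0;
    public function __destruct() { self::$fired++; }
}

function seal_token(string $plaintext, string $key): string
{
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $key, true);
    return base64_encode($iv . $mac . $ct);
}

function open_token(string $token, string $key): string
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 64) {
        throw new RuntimeException('malformed token');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $key, true), $mac)) {
        throw new RuntimeException('MAC mismatch');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$key   = random_bytes(32);             // constructed stand-in for the application key
// With the key, a serialized object passes the MAC check like any other value.
$token = seal_token('O:5:"Probe":0:{}', $key);

// Vulnerable pattern: the decrypted header value goes straight into unserialize().
// The result is discarded, so the rebuilt object is destroyed at once.
unserialize(open_token($token, $key));
printf("plain unserialize: destructor calls = %d\n", Probe::$fired);

// Hardened pattern 1: refuse to instantiate any class from the token.
unserialize(open_token($token, $key), ['allowed_classes' => false]);
printf("allowed_classes=false: destructor calls = %d\n", Probe::$fired);

// Hardened pattern 2: treat the plaintext as an opaque string and compare it.
$sessionToken = bin2hex(random_bytes(20));   // constructed session CSRF token
var_dump(hash_equals($sessionToken, open_token($token, $key)));
```

The MAC check passes in every case because the token was sealed with the real key, so integrity protection alone does not make the plaintext safe to deserialize once the key is exposed.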