Vulnerable Library - laravel/framework-v8.1.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/d769a497a20e4a374ff7454dde7eee65145e3659

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2021-43617

Vulnerable Library - laravel/framework-v8.1.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/d769a497a20e4a374ff7454dde7eee65145e3659

Dependency Hierarchy:

• ❌ laravel/framework-v8.1.0 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Publish Date: 2021-11-14

URL: CVE-2021-43617

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43617

Release Date: 2021-11-14

Fix Resolution: php-illuminate-session - 6.20.14+dfsg-2+deb11u1;php-illuminate-broadcasting - 6.20.14+dfsg-2+deb11u1;php-illuminate-config - 6.20.14+dfsg-2+deb11u1;php-illuminate-cookie - 6.20.14+dfsg-2+deb11u1;php-laravel-framework - 6.20.14+dfsg-2+deb11u1;php-illuminate-database - 6.20.14+dfsg-2+deb11u1;php-illuminate-translation - 6.20.14+dfsg-2+deb11u1;php-illuminate-support - 6.20.14+dfsg-2+deb11u1;php-illuminate-encryption - 6.20.14+dfsg-2+deb11u1;php-illuminate-hashing - 6.20.14+dfsg-2+deb11u1;php-illuminate-auth - 6.20.14+dfsg-2+deb11u1;php-illuminate-http - 6.20.14+dfsg-2+deb11u1;php-illuminate-mail - 6.20.14+dfsg-2+deb11u1;php-illuminate-view - 6.20.14+dfsg-2+deb11u1;php-illuminate-pipeline - 6.20.14+dfsg-2+deb11u1;php-illuminate-filesystem - 6.20.14+dfsg-2+deb11u1;php-illuminate-validation - 6.20.14+dfsg-2+deb11u1;php-illuminate-container - 6.20.14+dfsg-2+deb11u1;php-illuminate-notifications - 6.20.14+dfsg-2+deb11u1;php-illuminate-cache - 6.20.14+dfsg-2+deb11u1;php-illuminate-contracts - 6.20.14+dfsg-2+deb11u1;php-illuminate-routing - 6.20.14+dfsg-2+deb11u1;php-illuminate-queue - 6.20.14+dfsg-2+deb11u1;php-illuminate-redis - 6.20.14+dfsg-2+deb11u1;php-illuminate-bus - 6.20.14+dfsg-2+deb11u1;php-illuminate-log - 6.20.14+dfsg-2+deb11u1;php-illuminate-console - 6.20.14+dfsg-2+deb11u1;php-illuminate-pagination - 6.20.14+dfsg-2+deb11u1;php-illuminate-events - 6.20.14+dfsg-2+deb11u1

CVE-2022-24894

Vulnerable Library - symfony/http-kernel-v5.1.5

Symfony HttpKernel Component

Library home page: https://api.github.com/repos/symfony/http-kernel/zipball/3e32676e6cb5d2081c91a56783471ff8a7f7110b

Dependency Hierarchy:

• laravel/framework-v8.1.0 (Root Library)
  • ❌ symfony/http-kernel-v5.1.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the AbstractSessionListener, the response might contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.

Publish Date: 2023-02-03

URL: CVE-2022-24894

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://symfony.com/blog/cve-2022-24894-prevent-storing-cookie-headers-in-httpcache

Release Date: 2022-02-11

Fix Resolution: v4.4.50, v5.4.20, v6.0.20, v6.1.12, v6.2.6

CVE-2021-32708

Vulnerable Library - league/flysystem-1.1.3

Filesystem abstraction: Many filesystems, one API.

Library home page: https://api.github.com/repos/thephpleague/flysystem/zipball/9be3b16c877d477357c015cec057548cf9b2a14a

Dependency Hierarchy:

• laravel/framework-v8.1.0 (Root Library)
  • ❌ league/flysystem-1.1.3 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

Publish Date: 2021-06-24

URL: CVE-2021-32708

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-9f46-5r25-5wfm

Release Date: 2021-06-24

Fix Resolution: 1.1.4,2.1.1

CVE-2021-41267

Vulnerable Library - symfony/http-kernel-v5.1.5

Symfony HttpKernel Component

Library home page: https://api.github.com/repos/symfony/http-kernel/zipball/3e32676e6cb5d2081c91a56783471ff8a7f7110b

Dependency Hierarchy:

• laravel/framework-v8.1.0 (Root Library)
  • ❌ symfony/http-kernel-v5.1.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the X-Forwarded-Prefix headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a X-Forwarded-Prefix header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the X-Forwarded-Prefix header is not forwarded to subrequests when it is not trusted.

Publish Date: 2021-11-24

URL: CVE-2021-41267

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-q3j3-w37x-hq2q

Release Date: 2021-11-24

Fix Resolution: v5.3.12

CVE-2021-43808

Vulnerable Library - laravel/framework-v8.1.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/d769a497a20e4a374ff7454dde7eee65145e3659

Dependency Hierarchy:

• ❌ laravel/framework-v8.1.0 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.

Publish Date: 2021-12-08

URL: CVE-2021-43808

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-66hf-2p6w-jqfw

Release Date: 2021-12-08

Fix Resolution: v6.20.42, v7.30.6, v8.75.0

CVE-2021-21263

Vulnerable Library - laravel/framework-v8.1.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/d769a497a20e4a374ff7454dde7eee65145e3659

Dependency Hierarchy:

• ❌ laravel/framework-v8.1.0 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.

Publish Date: 2021-01-19

URL: CVE-2021-21263

CVSS 3 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-3p32-j457-pg5x

Release Date: 2021-01-19

Fix Resolution: v6.20.11,v7.30.2,v8.22.1

Vulnerable Library - fruitcake/laravel-cors-v1.0.6

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2021-41267

Vulnerable Library - symfony/http-kernel-v5.1.5

Symfony HttpKernel Component

Library home page: https://api.github.com/repos/symfony/http-kernel/zipball/3e32676e6cb5d2081c91a56783471ff8a7f7110b

Dependency Hierarchy:

• fruitcake/laravel-cors-v1.0.6 (Root Library)
  • ❌ symfony/http-kernel-v5.1.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the X-Forwarded-Prefix headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a X-Forwarded-Prefix header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the X-Forwarded-Prefix header is not forwarded to subrequests when it is not trusted.

Publish Date: 2021-11-24

URL: CVE-2021-41267

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-q3j3-w37x-hq2q

Release Date: 2021-11-24

Fix Resolution: v5.3.12

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2022-29248

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Dependency Hierarchy:

• ❌ guzzlehttp/guzzle-6.5.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.

Publish Date: 2022-05-25

URL: CVE-2022-29248

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

Release Date: 2022-05-25

Fix Resolution: guzzlehttp/guzzle - 6.5.6,guzzlehttp/guzzle - 7.4.3

CVE-2022-31091

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Dependency Hierarchy:

• ❌ guzzlehttp/guzzle-6.5.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

Publish Date: 2022-06-27

URL: CVE-2022-31091

CVSS 3 Score Details (7.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

Release Date: 2022-06-27

Fix Resolution: 6.5.8,7.4.5

CVE-2022-31090

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Dependency Hierarchy:

• ❌ guzzlehttp/guzzle-6.5.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the CURLOPT_HTTPAUTH option before continuing, stopping curl from appending the Authorization header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather than curl.

Publish Date: 2022-06-27

URL: CVE-2022-31090

CVSS 3 Score Details (7.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-25mq-v84q-4j7r

Release Date: 2022-05-19

Fix Resolution: 6.5.8,7.4.5

CVE-2022-31043

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Dependency Hierarchy:

• ❌ guzzlehttp/guzzle-6.5.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, https to http downgrades did not result in the Authorization header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.

Publish Date: 2022-06-10

URL: CVE-2022-31043

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-w248-ffj2-4v5q

Release Date: 2022-06-10

Fix Resolution: 6.5.7,7.4.4

CVE-2022-31042

Vulnerable Library - guzzlehttp/guzzle-6.5.5

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e

Dependency Hierarchy:

• ❌ guzzlehttp/guzzle-6.5.5 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the Cookie header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any Cookie header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

Publish Date: 2022-06-10

URL: CVE-2022-31042

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-f2wf-25xc-69c9

Release Date: 2022-06-10

Fix Resolution: 6.5.7,7.4.4

CVE-2022-24775

Vulnerable Library - guzzlehttp/psr7-1.6.1

PSR-7 HTTP message library

Dependency Hierarchy:

• guzzlehttp/guzzle-6.5.5 (Root Library)
  • ❌ guzzlehttp/psr7-1.6.1 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

Publish Date: 2022-03-21

URL: CVE-2022-24775

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-q7rv-6hp3-vh96

Release Date: 2022-03-21

Fix Resolution: 1.8.4,2.1.1

Vulnerable Library - phpunit/phpunit-8.5.8

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2020-23064

Vulnerable Library - phpunit/php-code-coverage-7.0.10

Library that provides collection, processing, and rendering functionality for PHP code coverage information.

Library home page: https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/f1884187926fbb755a9aaf0b3836ad3165b478bf

Dependency Hierarchy:

• phpunit/phpunit-8.5.8 (Root Library)
  • ❌ phpunit/php-code-coverage-7.0.10 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element.

Publish Date: 2023-06-26

URL: CVE-2020-23064

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2023-06-26

Fix Resolution: jquery - 3.5.0

CVE-2020-11023

Vulnerable Library - phpunit/php-code-coverage-7.0.10

Library that provides collection, processing, and rendering functionality for PHP code coverage information.

Library home page: https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/f1884187926fbb755a9aaf0b3836ad3165b478bf

Dependency Hierarchy:

• phpunit/phpunit-8.5.8 (Root Library)
  • ❌ phpunit/php-code-coverage-7.0.10 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - phpunit/php-code-coverage-7.0.10

Library that provides collection, processing, and rendering functionality for PHP code coverage information.

Library home page: https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/f1884187926fbb755a9aaf0b3836ad3165b478bf

Dependency Hierarchy:

• phpunit/phpunit-8.5.8 (Root Library)
  • ❌ phpunit/php-code-coverage-7.0.10 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2020-23064

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

• ❌ jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element.

Publish Date: 2023-06-26

URL: CVE-2020-23064

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2023-06-26

Fix Resolution: jquery - 3.5.0

CVE-2020-11023

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

• ❌ jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

• ❌ jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Vulnerable Library - facade/ignition-2.3.7

A beautiful error page for Laravel applications.

Library home page: https://api.github.com/repos/facade/ignition/zipball/b364db8860a63c1fb58b72b9718863c21df08762

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

CVE-2021-3129

Vulnerable Library - facade/ignition-2.3.7

A beautiful error page for Laravel applications.

Library home page: https://api.github.com/repos/facade/ignition/zipball/b364db8860a63c1fb58b72b9718863c21df08762

Dependency Hierarchy:

• ❌ facade/ignition-2.3.7 (Vulnerable Library)

Found in HEAD commit: c84aace76ec3ee3adbeb9350245a685969209ed1

Found in base branch: main

Vulnerability Details

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

Publish Date: 2021-01-12

URL: CVE-2021-3129

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129

Release Date: 2021-01-12

Fix Resolution: 2.5.2