GHSA-8vwh-pr89-4mw2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8vwh-pr89-4mw2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-8vwh-pr89-4mw2/GHSA-8vwh-pr89-4mw2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-8vwh-pr89-4mw2
- Aliases
-
- CVE-2024-55661
- Published
- 2024-12-13T20:35:43Z
- Modified
- 2024-12-17T18:23:38.766745Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
- Details
-
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public
remember()method in theLaravel\Pulse\Livewire\Concerns\RemembersQueriestrait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application.Impact
An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method that meets the following criteria:
- The callable is a function or static method
- The callable has no parameters or no strict parameter types
Vulnerable Components
- The
remember(callable $query, string $key = '')method inLaravel\Pulse\Livewire\Concerns\RemembersQueries - Affects all Pulse card components that use this trait
Attack Vectors
The vulnerability can be exploited through Livewire component interactions, for example:
wire:click="remember('\\Illuminate\\Support\\Facades\\Config::all', 'config')"Credit
Thank you to Jeremy Angele for reporting this vulnerability.
- Database specific
{ "nvd_published_at": "2024-12-13T16:15:27Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-12-13T20:35:43Z" }- References
Affected packages
Packagist / laravel/pulse
Package
- Name
- laravel/pulse
- Purl
- pkg:composer/laravel/pulse
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.1
Affected versions
v1.*
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-beta3
v1.0.0-beta4
v1.0.0-beta5
v1.0.0-beta6
v1.0.0-beta7
v1.0.0-beta8
v1.0.0-beta9
v1.0.0-beta10
v1.0.0-beta11
v1.0.0-beta12
v1.0.0-beta13
v1.0.0-beta14
v1.0.0-beta15
v1.0.0-beta16
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.3.0