CVE-2021-43808

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43808

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43808.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-43808

Aliases

GHSA-66hf-2p6w-jqfw

Related

GHSA-66hf-2p6w-jqfw

Published

2021-12-08T00:15:07Z

Modified

2025-02-16T05:45:47.382885Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.

References

Affected packages

Debian:11 / php-laravel-framework

Package

Name: php-laravel-framework
Purl: pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.20.14+dfsg-2+deb11u1

Affected versions

6.*

6.20.14+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / php-laravel-framework

Package

Name: php-laravel-framework
Purl: pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.20.14+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / php-laravel-framework

Package

Name: php-laravel-framework
Purl: pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.20.14+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/laravel/framework

Affected ranges

Type: GIT
Repo: https://github.com/laravel/framework
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b8174169b1807f36de1837751599e2828ceddb9b

Fixed

b8174169b1807f36de1837751599e2828ceddb9b

Affected versions

5.*

5.0.30

5.2.41

5.3

v4.*

v4.0.0

v4.0.0-BETA2

v4.0.0-BETA3

v4.0.0-BETA4

v4.0.1

v4.0.10

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.1

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.15

v4.1.16

v4.1.17

v4.1.18

v4.1.19

v4.1.2

v4.1.20

v4.1.21

v4.1.22

v4.1.23

v4.1.24

v4.1.25

v4.1.26

v4.1.27

v4.1.28

v4.1.29

v4.1.3

v4.1.30

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0

v4.2.0-BETA1

v4.2.1

v4.2.10

v4.2.11

v4.2.12

v4.2.13

v4.2.14

v4.2.15

v4.2.16

v4.2.17

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.2.9

v5.*

v5.0.0

v5.0.1

v5.0.10

v5.0.11

v5.0.12

v5.0.13

v5.0.14

v5.0.15

v5.0.16

v5.0.17

v5.0.18

v5.0.19

v5.0.2

v5.0.20

v5.0.21

v5.0.22

v5.0.23

v5.0.24

v5.0.25

v5.0.26

v5.0.27

v5.0.28

v5.0.29

v5.0.3

v5.0.31

v5.0.32

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.10

v5.1.11

v5.1.12

v5.1.13

v5.1.14

v5.1.15

v5.1.16

v5.1.17

v5.1.18

v5.1.19

v5.1.2

v5.1.20

v5.1.21

v5.1.22

v5.1.23

v5.1.24

v5.1.25

v5.1.26

v5.1.27

v5.1.28

v5.1.29

v5.1.3

v5.1.30

v5.1.31

v5.1.32

v5.1.33

v5.1.34

v5.1.35

v5.1.36

v5.1.37

v5.1.38

v5.1.39

v5.1.4

v5.1.40

v5.1.41

v5.1.42

v5.1.43

v5.1.44

v5.1.45

v5.1.5

v5.1.6

v5.1.7

v5.1.8

v5.1.9

v5.2.0

v5.2.0-beta1

v5.2.1

v5.2.10

v5.2.11

v5.2.12

v5.2.13

v5.2.14

v5.2.15

v5.2.16

v5.2.17

v5.2.18

v5.2.19

v5.2.2

v5.2.20

v5.2.21

v5.2.22

v5.2.23

v5.2.24

v5.2.25

v5.2.26

v5.2.27

v5.2.28

v5.2.29

v5.2.3

v5.2.30

v5.2.31

v5.2.32

v5.2.33

v5.2.34

v5.2.35

v5.2.36

v5.2.37

v5.2.38

v5.2.39

v5.2.4

v5.2.40

v5.2.42

v5.2.43

v5.2.44

v5.2.45

v5.2.5

v5.2.6

v5.2.7

v5.2.8

v5.2.9

v5.3.0

v5.3.0-RC1

v5.3.1

v5.3.10

v5.3.11

v5.3.12

v5.3.13

v5.3.14

v5.3.15

v5.3.16

v5.3.17

v5.3.18

v5.3.19

v5.3.2

v5.3.20

v5.3.21

v5.3.22

v5.3.23

v5.3.24

v5.3.25

v5.3.26

v5.3.27

v5.3.28

v5.3.29

v5.3.3

v5.3.30

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.8

v5.3.9

v5.4.0

v5.4.1

v5.4.10

v5.4.11

v5.4.12

v5.4.13

v5.4.14

v5.4.15

v5.4.16

v5.4.17

v5.4.18

v5.4.19

v5.4.2

v5.4.20

v5.4.21

v5.4.22

v5.4.23

v5.4.24

v5.4.25

v5.4.26

v5.4.27

v5.4.28

v5.4.29

v5.4.3

v5.4.30

v5.4.31

v5.4.32

v5.4.33

v5.4.34

v5.4.35

v5.4.36

v5.4.4

v5.4.5

v5.4.6

v5.4.7

v5.4.8

v5.4.9

v5.5.0

v5.5.1

v5.5.10

v5.5.11

v5.5.12

v5.5.13

v5.5.14

v5.5.15

v5.5.16

v5.5.17

v5.5.18

v5.5.19

v5.5.2

v5.5.20

v5.5.21

v5.5.22

v5.5.23

v5.5.24

v5.5.25

v5.5.26

v5.5.27

v5.5.28

v5.5.29

v5.5.3

v5.5.30

v5.5.31

v5.5.32

v5.5.33

v5.5.34

v5.5.35

v5.5.36

v5.5.37

v5.5.38

v5.5.39

v5.5.4

v5.5.40

v5.5.41

v5.5.42

v5.5.43

v5.5.44

v5.5.45

v5.5.46

v5.5.47

v5.5.48

v5.5.49

v5.5.5

v5.5.6

v5.5.7

v5.5.8

v5.5.9

v5.6.0

v5.6.1

v5.6.10

v5.6.11

v5.6.12

v5.6.13

v5.6.14

v5.6.15

v5.6.16

v5.6.17

v5.6.18

v5.6.19

v5.6.2

v5.6.20

v5.6.21

v5.6.22

v5.6.23

v5.6.24

v5.6.25

v5.6.26

v5.6.27

v5.6.28

v5.6.29

v5.6.3

v5.6.30

v5.6.31

v5.6.32

v5.6.33

v5.6.34

v5.6.35

v5.6.36

v5.6.37

v5.6.38

v5.6.39

v5.6.4

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.6.9

v5.7.0

v5.7.1

v5.7.10

v5.7.11

v5.7.12

v5.7.13

v5.7.14

v5.7.15

v5.7.16

v5.7.17

v5.7.18

v5.7.19

v5.7.2

v5.7.20

v5.7.21

v5.7.22

v5.7.23

v5.7.24

v5.7.25

v5.7.26

v5.7.27

v5.7.28

v5.7.3

v5.7.4

v5.7.5

v5.7.6

v5.7.7

v5.7.8

v5.7.9

v5.8.0

v5.8.1

v5.8.10

v5.8.11

v5.8.12

v5.8.13

v5.8.14

v5.8.15

v5.8.16

v5.8.17

v5.8.18

v5.8.19

v5.8.2

v5.8.20

v5.8.21

v5.8.22

v5.8.23

v5.8.24

v5.8.25

v5.8.26

v5.8.27

v5.8.28

v5.8.29

v5.8.3

v5.8.30

v5.8.31

v5.8.32

v5.8.33

v5.8.34

v5.8.35

v5.8.36

v5.8.37

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.8.8

v5.8.9

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.1.0

v6.10.0

v6.10.1

v6.11.0

v6.12.0

v6.13.0

v6.13.1

v6.14.0

v6.15.0

v6.15.1

v6.16.0

v6.17.0

v6.17.1

v6.18.0

v6.18.1

v6.18.10

v6.18.11

v6.18.12

v6.18.13

v6.18.14

v6.18.15

v6.18.16

v6.18.17

v6.18.18

v6.18.19

v6.18.2

v6.18.20

v6.18.21

v6.18.22

v6.18.23

v6.18.24

v6.18.25

v6.18.26

v6.18.27

v6.18.28

v6.18.29

v6.18.3

v6.18.30

v6.18.31

v6.18.32

v6.18.33

v6.18.34

v6.18.35

v6.18.36

v6.18.37

v6.18.38

v6.18.39

v6.18.4

v6.18.40

v6.18.41

v6.18.42

v6.18.43

v6.18.5

v6.18.6

v6.18.7

v6.18.8

v6.18.9

v6.19.0

v6.19.1

v6.2.0

v6.20.0

v6.20.1

v6.20.10

v6.20.11

v6.20.12

v6.20.13

v6.20.14

v6.20.15

v6.20.16

v6.20.17

v6.20.18

v6.20.19

v6.20.2

v6.20.20

v6.20.21

v6.20.22

v6.20.23

v6.20.24

v6.20.25

v6.20.26

v6.20.27

v6.20.28

v6.20.29

v6.20.3

v6.20.30

v6.20.31

v6.20.32

v6.20.33

v6.20.34

v6.20.35

v6.20.36

v6.20.37

v6.20.38

v6.20.39

v6.20.4

v6.20.40

v6.20.41

v6.20.5

v6.20.6

v6.20.7

v6.20.8

v6.20.9

v6.3.0

v6.4.0

v6.4.1

v6.5.0

v6.5.1

v6.5.2

v6.6.0

v6.6.1

v6.6.2

v6.7.0

v6.8.0

v6.9.0