CVE-2024-52301

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-52301
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52301.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-52301
Aliases
Downstream
Published
2024-11-12T19:32:14.415Z
Modified
2026-02-07T02:51:49.292944Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Laravel allows environment manipulation via query string
Details

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52301.json",
    "cwe_ids": [
        "CWE-88"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/laravel/framework

Affected ranges

Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
841d842bbdc8e08c6364a8c06212c7286bbf0b9a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.20.45"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
0b12ef19623c40e22eff91a4b48cb13b3b415b25
Fixed
0fe75bafb8703c6c8184792b91ce5e27ad80aa7b
Database specific 
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.30.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
43bea00fd27c76c01fd009e46725a54885f4d2a5
Fixed
83e64679d0688ee83b9224b60831dcf4b1a812f7
Database specific 
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.83.28"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
fbe7ed828819eadabb3cb9f95847a2ffe8846fd6
Fixed
a069cf17e4943fb88d2a91c92690004fb3236dab
Database specific 
{
    "versions": [
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.52.17"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
be2ddb5c31b0b9ebc2738d9f37a9d4c960aa3199
Fixed
625269ca4881d2b50eded2045cb930960a181d98
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.48.23"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
6089f679d6d29e6071a6448ed5e96de02e57fedb
Fixed
365090ed2c68244e3141cdb5e247cdf3dfba2c40
Database specific 
{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.31.0"
        }
    ]
}

Affected versions

5.*
5.0.30
5.2.41
5.3
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.10.0
v10.10.1
v10.11.0
v10.12.0
v10.13.0
v10.13.1
v10.13.2
v10.13.3
v10.13.5
v10.14.0
v10.14.1
v10.15.0
v10.16.0
v10.16.1
v10.17.0
v10.17.1
v10.18.0
v10.19.0
v10.2.0
v10.20.0
v10.21.0
v10.21.1
v10.22.0
v10.23.0
v10.23.1
v10.24.0
v10.25.0
v10.25.1
v10.25.2
v10.26.0
v10.26.1
v10.26.2
v10.27.0
v10.28.0
v10.29.0
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.30.0
v10.30.1
v10.31.0
v10.32.0
v10.32.1
v10.33.0
v10.34.0
v10.34.1
v10.34.2
v10.35.0
v10.36.0
v10.37.0
v10.37.1
v10.37.2
v10.37.3
v10.38.0
v10.38.1
v10.38.2
v10.39.0
v10.4.0
v10.4.1
v10.40.0
v10.41.0
v10.42.0
v10.43.0
v10.44.0
v10.45.0
v10.45.1
v10.46.0
v10.47.0
v10.48.0
v10.48.1
v10.48.10
v10.48.11
v10.48.12
v10.48.13
v10.48.14
v10.48.15
v10.48.16
v10.48.17
v10.48.18
v10.48.19
v10.48.2
v10.48.20
v10.48.21
v10.48.22
v10.48.3
v10.48.4
v10.48.5
v10.48.6
v10.48.7
v10.48.8
v10.48.9
v10.5.0
v10.5.1
v10.6.0
v10.6.1
v10.6.2
v10.7.0
v10.7.1
v10.8.0
v10.9.0
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v11.0.6
v11.0.7
v11.0.8
v11.1.0
v11.1.1
v11.10.0
v11.11.0
v11.11.1
v11.12.0
v11.13.0
v11.14.0
v11.15.0
v11.16.0
v11.17.0
v11.18.0
v11.18.1
v11.19.0
v11.2.0
v11.20.0
v11.21.0
v11.22.0
v11.23.0
v11.23.1
v11.23.2
v11.23.3
v11.23.4
v11.23.5
v11.24.0
v11.24.1
v11.25.0
v11.26.0
v11.27.0
v11.27.1
v11.27.2
v11.28.0
v11.28.1
v11.29.0
v11.3.0
v11.3.1
v11.30.0
v11.4.0
v11.5.0
v11.6.0
v11.7.0
v11.8.0
v11.9.0
v11.9.1
v11.9.2
v4.*
v4.0.0
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.26
v4.1.27
v4.1.28
v4.1.29
v4.1.3
v4.1.30
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-BETA1
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.2
v5.0.20
v5.0.21
v5.0.22
v5.0.23
v5.0.24
v5.0.25
v5.0.26
v5.0.27
v5.0.28
v5.0.29
v5.0.3
v5.0.31
v5.0.32
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.10
v5.1.11
v5.1.12
v5.1.13
v5.1.14
v5.1.15
v5.1.16
v5.1.17
v5.1.18
v5.1.19
v5.1.2
v5.1.20
v5.1.21
v5.1.22
v5.1.23
v5.1.24
v5.1.25
v5.1.26
v5.1.27
v5.1.28
v5.1.29
v5.1.3
v5.1.30
v5.1.31
v5.1.32
v5.1.33
v5.1.34
v5.1.35
v5.1.36
v5.1.37
v5.1.38
v5.1.39
v5.1.4
v5.1.40
v5.1.41
v5.1.42
v5.1.43
v5.1.44
v5.1.45
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.2.0
v5.2.0-beta1
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.26
v5.2.27
v5.2.28
v5.2.29
v5.2.3
v5.2.30
v5.2.31
v5.2.32
v5.2.33
v5.2.34
v5.2.35
v5.2.36
v5.2.37
v5.2.38
v5.2.39
v5.2.4
v5.2.40
v5.2.42
v5.2.43
v5.2.44
v5.2.45
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.3.0
v5.3.0-RC1
v5.3.1
v5.3.10
v5.3.11
v5.3.12
v5.3.13
v5.3.14
v5.3.15
v5.3.16
v5.3.17
v5.3.18
v5.3.19
v5.3.2
v5.3.20
v5.3.21
v5.3.22
v5.3.23
v5.3.24
v5.3.25
v5.3.26
v5.3.27
v5.3.28
v5.3.29
v5.3.3
v5.3.30
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.18
v5.4.19
v5.4.2
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.27
v5.4.28
v5.4.29
v5.4.3
v5.4.30
v5.4.31
v5.4.32
v5.4.33
v5.4.34
v5.4.35
v5.4.36
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.4.8
v5.4.9
v5.5.0
v5.5.1
v5.5.10
v5.5.11
v5.5.12
v5.5.13
v5.5.14
v5.5.15
v5.5.16
v5.5.17
v5.5.18
v5.5.19
v5.5.2
v5.5.20
v5.5.21
v5.5.22
v5.5.23
v5.5.24
v5.5.25
v5.5.26
v5.5.27
v5.5.28
v5.5.29
v5.5.3
v5.5.30
v5.5.31
v5.5.32
v5.5.33
v5.5.34
v5.5.35
v5.5.36
v5.5.37
v5.5.38
v5.5.39
v5.5.4
v5.5.40
v5.5.41
v5.5.42
v5.5.43
v5.5.44
v5.5.45
v5.5.46
v5.5.47
v5.5.48
v5.5.49
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v5.6.0
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.19
v5.6.2
v5.6.20
v5.6.21
v5.6.22
v5.6.23
v5.6.24
v5.6.25
v5.6.26
v5.6.27
v5.6.28
v5.6.29
v5.6.3
v5.6.30
v5.6.31
v5.6.32
v5.6.33
v5.6.34
v5.6.35
v5.6.36
v5.6.37
v5.6.38
v5.6.39
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.0
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.17
v5.7.18
v5.7.19
v5.7.2
v5.7.20
v5.7.21
v5.7.22
v5.7.23
v5.7.24
v5.7.25
v5.7.26
v5.7.27
v5.7.28
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.8.0
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.19
v5.8.2
v5.8.20
v5.8.21
v5.8.22
v5.8.23
v5.8.24
v5.8.25
v5.8.26
v5.8.27
v5.8.28
v5.8.29
v5.8.3
v5.8.30
v5.8.31
v5.8.32
v5.8.33
v5.8.34
v5.8.35
v5.8.36
v5.8.37
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.1.0
v6.10.0
v6.10.1
v6.11.0
v6.12.0
v6.13.0
v6.13.1
v6.14.0
v6.15.0
v6.15.1
v6.16.0
v6.17.0
v6.17.1
v6.18.0
v6.18.1
v6.18.10
v6.18.11
v6.18.12
v6.18.13
v6.18.14
v6.18.15
v6.18.16
v6.18.17
v6.18.18
v6.18.19
v6.18.2
v6.18.20
v6.18.21
v6.18.22
v6.18.23
v6.18.24
v6.18.25
v6.18.26
v6.18.27
v6.18.28
v6.18.29
v6.18.3
v6.18.30
v6.18.31
v6.18.32
v6.18.33
v6.18.34
v6.18.35
v6.18.36
v6.18.37
v6.18.38
v6.18.39
v6.18.4
v6.18.40
v6.18.41
v6.18.42
v6.18.43
v6.18.5
v6.18.6
v6.18.7
v6.18.8
v6.18.9
v6.19.0
v6.19.1
v6.2.0
v6.20.0
v6.20.1
v6.20.10
v6.20.11
v6.20.12
v6.20.13
v6.20.14
v6.20.15
v6.20.16
v6.20.17
v6.20.18
v6.20.19
v6.20.2
v6.20.20
v6.20.21
v6.20.22
v6.20.23
v6.20.24
v6.20.25
v6.20.26
v6.20.27
v6.20.28
v6.20.29
v6.20.3
v6.20.30
v6.20.31
v6.20.32
v6.20.33
v6.20.34
v6.20.35
v6.20.36
v6.20.37
v6.20.38
v6.20.39
v6.20.4
v6.20.40
v6.20.41
v6.20.42
v6.20.43
v6.20.44
v6.20.5
v6.20.6
v6.20.7
v6.20.8
v6.20.9
v6.3.0
v6.4.0
v6.4.1
v6.5.0
v6.5.1
v6.5.2
v6.6.0
v6.6.1
v6.6.2
v6.7.0
v6.8.0
v6.9.0
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.10.0
v7.10.1
v7.10.2
v7.10.3
v7.11.0
v7.12.0
v7.13.0
v7.14.0
v7.14.1
v7.15.0
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.2
v7.18.0
v7.19.0
v7.19.1
v7.2.0
v7.2.1
v7.2.2
v7.20.0
v7.21.0
v7.22.0
v7.22.1
v7.22.2
v7.22.3
v7.22.4
v7.23.0
v7.23.1
v7.23.2
v7.24.0
v7.25.0
v7.26.0
v7.26.1
v7.27.0
v7.28.0
v7.28.1
v7.28.2
v7.28.3
v7.28.4
v7.29.0
v7.29.1
v7.29.2
v7.29.3
v7.3.0
v7.30.0
v7.30.1
v7.30.2
v7.30.3
v7.30.4
v7.30.5
v7.30.6
v7.4.0
v7.5.0
v7.5.1
v7.5.2
v7.6.0
v7.6.1
v7.6.2
v7.7.0
v7.7.1
v7.8.0
v7.8.1
v7.9.0
v7.9.1
v7.9.2
v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.12.0
v8.12.1
v8.12.2
v8.12.3
v8.13.0
v8.14.0
v8.15.0
v8.16.0
v8.16.1
v8.17.0
v8.17.1
v8.17.2
v8.18.0
v8.18.1
v8.19.0
v8.2.0
v8.20.0
v8.20.1
v8.21.0
v8.22.0
v8.22.1
v8.23.0
v8.23.1
v8.24.0
v8.25.0
v8.26.0
v8.26.1
v8.27.0
v8.28.0
v8.28.1
v8.29.0
v8.3.0
v8.30.0
v8.30.1
v8.31.0
v8.32.0
v8.32.1
v8.33.0
v8.33.1
v8.34.0
v8.35.0
v8.35.1
v8.36.0
v8.36.1
v8.36.2
v8.37.0
v8.38.0
v8.39.0
v8.4.0
v8.40.0
v8.41.0
v8.42.0
v8.42.1
v8.43.0
v8.44.0
v8.45.0
v8.45.1
v8.46.0
v8.47.0
v8.48.0
v8.48.1
v8.48.2
v8.49.0
v8.49.1
v8.49.2
v8.5.0
v8.50.0
v8.51.0
v8.52.0
v8.53.0
v8.53.1
v8.54.0
v8.55.0
v8.56.0
v8.57.0
v8.58.0
v8.59.0
v8.6.0
v8.60.0
v8.61.0
v8.62.0
v8.63.0
v8.64.0
v8.65.0
v8.66.0
v8.67.0
v8.68.0
v8.68.1
v8.69.0
v8.7.0
v8.7.1
v8.70.0
v8.70.1
v8.70.2
v8.71.0
v8.72.0
v8.73.0
v8.73.1
v8.73.2
v8.74.0
v8.75.0
v8.76.0
v8.76.1
v8.76.2
v8.77.0
v8.77.1
v8.78.0
v8.78.1
v8.79.0
v8.8.0
v8.80.0
v8.81.0
v8.82.0
v8.83.0
v8.83.1
v8.83.10
v8.83.11
v8.83.12
v8.83.13
v8.83.14
v8.83.15
v8.83.16
v8.83.17
v8.83.18
v8.83.19
v8.83.2
v8.83.20
v8.83.21
v8.83.22
v8.83.23
v8.83.24
v8.83.25
v8.83.26
v8.83.27
v8.83.3
v8.83.4
v8.83.5
v8.83.6
v8.83.7
v8.83.8
v8.83.9
v8.9.0
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.1.0
v9.10.0
v9.10.1
v9.11.0
v9.12.0
v9.12.1
v9.12.2
v9.13.0
v9.14.0
v9.14.1
v9.15.0
v9.16.0
v9.17.0
v9.18.0
v9.19.0
v9.2.0
v9.20.0
v9.21.0
v9.21.1
v9.21.2
v9.21.3
v9.21.4
v9.21.5
v9.21.6
v9.22.0
v9.22.1
v9.23.0
v9.24.0
v9.25.0
v9.25.1
v9.26.0
v9.26.1
v9.27.0
v9.28.0
v9.29.0
v9.3.0
v9.3.1
v9.30.0
v9.30.1
v9.31.0
v9.32.0
v9.33.0
v9.34.0
v9.35.0
v9.35.1
v9.36.0
v9.36.1
v9.36.2
v9.36.3
v9.36.4
v9.37.0
v9.38.0
v9.39.0
v9.4.0
v9.4.1
v9.40.0
v9.40.1
v9.41.0
v9.42.0
v9.42.1
v9.42.2
v9.43.0
v9.44.0
v9.45.0
v9.45.1
v9.46.0
v9.47.0
v9.48.0
v9.49.0
v9.5.0
v9.5.1
v9.50.0
v9.50.1
v9.50.2
v9.51.0
v9.52.0
v9.52.1
v9.52.10
v9.52.11
v9.52.12
v9.52.13
v9.52.14
v9.52.15
v9.52.16
v9.52.2
v9.52.3
v9.52.4
v9.52.5
v9.52.6
v9.52.7
v9.52.8
v9.52.9
v9.6.0
v9.7.0
v9.8.0
v9.8.1
v9.9.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52301.json"