GHSA-gv7v-rgg6-548h

Suggest an improvement
Source
https://github.com/advisories/GHSA-gv7v-rgg6-548h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-gv7v-rgg6-548h
Aliases
Published
2024-11-12T22:08:42Z
Modified
2024-12-21T18:49:14.926175Z
Severity
  • 0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Laravel environment manipulation via query string
Details

Description

When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.

Database specific 
{
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2024-11-12T20:15:14Z",
    "github_reviewed_at": "2024-11-12T22:08:42Z",
    "cwe_ids": [
        "CWE-88"
    ]
}
References

Affected packages

Packagist

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.20.45

Affected versions

v4.*

v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.26
v4.1.27
v4.1.28
v4.1.29
v4.1.30
v4.1.31
v4.2.0-BETA1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.18
v4.2.19
v4.2.20
v4.2.21
v4.2.22

v5.*

v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.20
v5.0.21
v5.0.22
v5.0.23
v5.0.24
v5.0.25
v5.0.26
v5.0.27
v5.0.28
v5.0.29
v5.0.31
v5.0.32
v5.0.33
v5.0.34
v5.0.35
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.1.10
v5.1.11
v5.1.12
v5.1.13
v5.1.14
v5.1.15
v5.1.16
v5.1.17
v5.1.18
v5.1.19
v5.1.20
v5.1.21
v5.1.22
v5.1.23
v5.1.24
v5.1.25
v5.1.26
v5.1.27
v5.1.28
v5.1.29
v5.1.30
v5.1.31
v5.1.32
v5.1.33
v5.1.34
v5.1.35
v5.1.36
v5.1.37
v5.1.38
v5.1.39
v5.1.40
v5.1.41
v5.1.42
v5.1.43
v5.1.44
v5.1.45
v5.1.46
v5.2.0-beta1
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.26
v5.2.27
v5.2.28
v5.2.29
v5.2.30
v5.2.31
v5.2.32
v5.2.33
v5.2.34
v5.2.35
v5.2.36
v5.2.37
v5.2.38
v5.2.39
v5.2.40
v5.2.42
v5.2.43
v5.2.44
v5.2.45
v5.3.0-RC1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.3.10
v5.3.11
v5.3.12
v5.3.13
v5.3.14
v5.3.15
v5.3.16
v5.3.17
v5.3.18
v5.3.19
v5.3.20
v5.3.21
v5.3.22
v5.3.23
v5.3.24
v5.3.25
v5.3.26
v5.3.27
v5.3.28
v5.3.29
v5.3.30
v5.3.31
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.4.8
v5.4.9
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.18
v5.4.19
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.27
v5.4.28
v5.4.29
v5.4.30
v5.4.31
v5.4.32
v5.4.33
v5.4.34
v5.4.35
v5.4.36
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v5.5.10
v5.5.11
v5.5.12
v5.5.13
v5.5.14
v5.5.15
v5.5.16
v5.5.17
v5.5.18
v5.5.19
v5.5.20
v5.5.21
v5.5.22
v5.5.23
v5.5.24
v5.5.25
v5.5.26
v5.5.27
v5.5.28
v5.5.29
v5.5.30
v5.5.31
v5.5.32
v5.5.33
v5.5.34
v5.5.35
v5.5.36
v5.5.37
v5.5.38
v5.5.39
v5.5.40
v5.5.41
v5.5.42
v5.5.43
v5.5.44
v5.5.45
v5.5.46
v5.5.47
v5.5.48
v5.5.49
v5.5.50
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.19
v5.6.20
v5.6.21
v5.6.22
v5.6.23
v5.6.24
v5.6.25
v5.6.26
v5.6.27
v5.6.28
v5.6.29
v5.6.30
v5.6.31
v5.6.32
v5.6.33
v5.6.34
v5.6.35
v5.6.36
v5.6.37
v5.6.38
v5.6.39
v5.6.40
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.17
v5.7.18
v5.7.19
v5.7.20
v5.7.21
v5.7.22
v5.7.23
v5.7.24
v5.7.25
v5.7.26
v5.7.27
v5.7.28
v5.7.29
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.19
v5.8.20
v5.8.21
v5.8.22
v5.8.23
v5.8.24
v5.8.25
v5.8.26
v5.8.27
v5.8.28
v5.8.29
v5.8.30
v5.8.31
v5.8.32
v5.8.33
v5.8.34
v5.8.35
v5.8.36
v5.8.37
v5.8.38

5.*

5.0.30
5.2.41

v6.*

v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.1.0
v6.2.0
v6.3.0
v6.4.0
v6.4.1
v6.5.0
v6.5.1
v6.5.2
v6.6.0
v6.6.1
v6.6.2
v6.7.0
v6.8.0
v6.9.0
v6.10.0
v6.10.1
v6.11.0
v6.12.0
v6.13.0
v6.13.1
v6.14.0
v6.15.0
v6.15.1
v6.16.0
v6.17.0
v6.17.1
v6.18.0
v6.18.1
v6.18.2
v6.18.3
v6.18.4
v6.18.5
v6.18.6
v6.18.7
v6.18.8
v6.18.9
v6.18.10
v6.18.11
v6.18.12
v6.18.13
v6.18.14
v6.18.15
v6.18.16
v6.18.17
v6.18.18
v6.18.19
v6.18.20
v6.18.21
v6.18.22
v6.18.23
v6.18.24
v6.18.25
v6.18.26
v6.18.27
v6.18.28
v6.18.29
v6.18.30
v6.18.31
v6.18.32
v6.18.33
v6.18.34
v6.18.35
v6.18.36
v6.18.37
v6.18.38
v6.18.39
v6.18.40
v6.18.41
v6.18.42
v6.18.43
v6.19.0
v6.19.1
v6.20.0
v6.20.1
v6.20.2
v6.20.3
v6.20.4
v6.20.5
v6.20.6
v6.20.7
v6.20.8
v6.20.9
v6.20.10
v6.20.11
v6.20.12
v6.20.13
v6.20.14
v6.20.15
v6.20.16
v6.20.17
v6.20.18
v6.20.19
v6.20.20
v6.20.21
v6.20.22
v6.20.23
v6.20.24
v6.20.25
v6.20.26
v6.20.27
v6.20.28
v6.20.29
v6.20.30
v6.20.31
v6.20.32
v6.20.33
v6.20.34
v6.20.35
v6.20.36
v6.20.37
v6.20.38
v6.20.39
v6.20.40
v6.20.41
v6.20.42
v6.20.43
v6.20.44

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.30.7

Affected versions

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.2.0
v7.2.1
v7.2.2
v7.3.0
v7.4.0
v7.5.0
v7.5.1
v7.5.2
v7.6.0
v7.6.1
v7.6.2
v7.7.0
v7.7.1
v7.8.0
v7.8.1
v7.9.0
v7.9.1
v7.9.2
v7.10.0
v7.10.1
v7.10.2
v7.10.3
v7.11.0
v7.12.0
v7.13.0
v7.14.0
v7.14.1
v7.15.0
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.2
v7.18.0
v7.19.0
v7.19.1
v7.20.0
v7.21.0
v7.22.0
v7.22.1
v7.22.2
v7.22.3
v7.22.4
v7.23.0
v7.23.1
v7.23.2
v7.24.0
v7.25.0
v7.26.0
v7.26.1
v7.27.0
v7.28.0
v7.28.1
v7.28.2
v7.28.3
v7.28.4
v7.29.0
v7.29.1
v7.29.2
v7.29.3
v7.30.0
v7.30.1
v7.30.2
v7.30.3
v7.30.4
v7.30.5
v7.30.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.83.28

Affected versions

v8.*

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.2.0
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.7.1
v8.8.0
v8.9.0
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.12.0
v8.12.1
v8.12.2
v8.12.3
v8.13.0
v8.14.0
v8.15.0
v8.16.0
v8.16.1
v8.17.0
v8.17.1
v8.17.2
v8.18.0
v8.18.1
v8.19.0
v8.20.0
v8.20.1
v8.21.0
v8.22.0
v8.22.1
v8.23.0
v8.23.1
v8.24.0
v8.25.0
v8.26.0
v8.26.1
v8.27.0
v8.28.0
v8.28.1
v8.29.0
v8.30.0
v8.30.1
v8.31.0
v8.32.0
v8.32.1
v8.33.0
v8.33.1
v8.34.0
v8.35.0
v8.35.1
v8.36.0
v8.36.1
v8.36.2
v8.37.0
v8.38.0
v8.39.0
v8.40.0
v8.41.0
v8.42.0
v8.42.1
v8.43.0
v8.44.0
v8.45.0
v8.45.1
v8.46.0
v8.47.0
v8.48.0
v8.48.1
v8.48.2
v8.49.0
v8.49.1
v8.49.2
v8.50.0
v8.51.0
v8.52.0
v8.53.0
v8.53.1
v8.54.0
v8.55.0
v8.56.0
v8.57.0
v8.58.0
v8.59.0
v8.60.0
v8.61.0
v8.62.0
v8.63.0
v8.64.0
v8.65.0
v8.66.0
v8.67.0
v8.68.0
v8.68.1
v8.69.0
v8.70.0
v8.70.1
v8.70.2
v8.71.0
v8.72.0
v8.73.0
v8.73.1
v8.73.2
v8.74.0
v8.75.0
v8.76.0
v8.76.1
v8.76.2
v8.77.0
v8.77.1
v8.78.0
v8.78.1
v8.79.0
v8.80.0
v8.81.0
v8.82.0
v8.83.0
v8.83.1
v8.83.2
v8.83.3
v8.83.4
v8.83.5
v8.83.6
v8.83.7
v8.83.8
v8.83.9
v8.83.10
v8.83.11
v8.83.12
v8.83.13
v8.83.14
v8.83.15
v8.83.16
v8.83.17
v8.83.18
v8.83.19
v8.83.20
v8.83.21
v8.83.22
v8.83.23
v8.83.24
v8.83.25
v8.83.26
v8.83.27

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.52.17

Affected versions

v9.*

v9.0.0
v9.0.1
v9.0.2
v9.1.0
v9.2.0
v9.3.0
v9.3.1
v9.4.0
v9.4.1
v9.5.0
v9.5.1
v9.6.0
v9.7.0
v9.8.0
v9.8.1
v9.9.0
v9.10.0
v9.10.1
v9.11.0
v9.12.0
v9.12.1
v9.12.2
v9.13.0
v9.14.0
v9.14.1
v9.15.0
v9.16.0
v9.17.0
v9.18.0
v9.19.0
v9.20.0
v9.21.0
v9.21.1
v9.21.2
v9.21.3
v9.21.4
v9.21.5
v9.21.6
v9.22.0
v9.22.1
v9.23.0
v9.24.0
v9.25.0
v9.25.1
v9.26.0
v9.26.1
v9.27.0
v9.28.0
v9.29.0
v9.30.0
v9.30.1
v9.31.0
v9.32.0
v9.33.0
v9.34.0
v9.35.0
v9.35.1
v9.36.0
v9.36.1
v9.36.2
v9.36.3
v9.36.4
v9.37.0
v9.38.0
v9.39.0
v9.40.0
v9.40.1
v9.41.0
v9.42.0
v9.42.1
v9.42.2
v9.43.0
v9.44.0
v9.45.0
v9.45.1
v9.46.0
v9.47.0
v9.48.0
v9.49.0
v9.50.0
v9.50.1
v9.50.2
v9.51.0
v9.52.0
v9.52.1
v9.52.2
v9.52.3
v9.52.4
v9.52.5
v9.52.6
v9.52.7
v9.52.8
v9.52.9
v9.52.10
v9.52.11
v9.52.12
v9.52.13
v9.52.14
v9.52.15
v9.52.16

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0
Fixed
10.48.23

Affected versions

v10.*

v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.2.0
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.4.0
v10.4.1
v10.5.0
v10.5.1
v10.6.0
v10.6.1
v10.6.2
v10.7.0
v10.7.1
v10.8.0
v10.9.0
v10.10.0
v10.10.1
v10.11.0
v10.12.0
v10.13.0
v10.13.1
v10.13.2
v10.13.3
v10.13.5
v10.14.0
v10.14.1
v10.15.0
v10.16.0
v10.16.1
v10.17.0
v10.17.1
v10.18.0
v10.19.0
v10.20.0
v10.21.0
v10.21.1
v10.22.0
v10.23.0
v10.23.1
v10.24.0
v10.25.0
v10.25.1
v10.25.2
v10.26.0
v10.26.1
v10.26.2
v10.27.0
v10.28.0
v10.29.0
v10.30.0
v10.30.1
v10.31.0
v10.32.0
v10.32.1
v10.33.0
v10.34.0
v10.34.1
v10.34.2
v10.35.0
v10.36.0
v10.37.0
v10.37.1
v10.37.2
v10.37.3
v10.38.0
v10.38.1
v10.38.2
v10.39.0
v10.40.0
v10.41.0
v10.42.0
v10.43.0
v10.44.0
v10.45.0
v10.45.1
v10.46.0
v10.47.0
v10.48.0
v10.48.1
v10.48.2
v10.48.3
v10.48.4
v10.48.5
v10.48.6
v10.48.7
v10.48.8
v10.48.9
v10.48.10
v10.48.11
v10.48.12
v10.48.13
v10.48.14
v10.48.15
v10.48.16
v10.48.17
v10.48.18
v10.48.19
v10.48.20
v10.48.21
v10.48.22

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"

laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
11.31.0

Affected versions

v11.*

v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v11.0.6
v11.0.7
v11.0.8
v11.1.0
v11.1.1
v11.2.0
v11.3.0
v11.3.1
v11.4.0
v11.5.0
v11.6.0
v11.7.0
v11.8.0
v11.9.0
v11.9.1
v11.9.2
v11.10.0
v11.11.0
v11.11.1
v11.12.0
v11.13.0
v11.14.0
v11.15.0
v11.16.0
v11.17.0
v11.18.0
v11.18.1
v11.19.0
v11.20.0
v11.21.0
v11.22.0
v11.23.0
v11.23.1
v11.23.2
v11.23.3
v11.23.4
v11.23.5
v11.24.0
v11.24.1
v11.25.0
v11.26.0
v11.27.0
v11.27.1
v11.27.2
v11.28.0
v11.28.1
v11.29.0
v11.30.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-gv7v-rgg6-548h/GHSA-gv7v-rgg6-548h.json"