Source: php-laravel-framework
Version: 8.83.26+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for php-laravel-framework.

CVE-2024-52301[0]:
| Laravel is a web application framework. When the register_argc_argv
| php directive is set to on, and users call any URL with a special
| crafted query string, they are able to change the environment used
| by the framework when handling the request. The vulnerability fixed
| in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The
| framework now ignores argv values for environment detection on
| non-cli SAPIs.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52301
    https://www.cve.org/CVERecord?id=CVE-2024-52301
[1] https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
[2] https://github.com/laravel/framework/commit/eded6bdfc05af9b5437d107b4d092558fe46292c

Regards,
Salvatore
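
A triage check for the advisory above, added here as an example and not part of the original report or of Laravel's code: it compares an installed upstream version against the fixed releases listed in the CVE text and reads register_argc_argv from php.ini text. The function names, result labels and the sample ini text are assumptions made for this example.

```python
import re

# Fixed releases per major branch, as listed in the CVE-2024-52301 text above.
FIXED = {6: (6, 20, 45), 7: (7, 30, 7), 8: (8, 83, 28),
         9: (9, 52, 17), 10: (10, 48, 23), 11: (11, 31, 0)}
ON_VALUES = {"1", "on", "true", "yes"}
# Constructed sample input, not taken from any real host.
SAMPLE_INI = "; constructed sample php.ini\nregister_argc_argv = On\n"


def parse_version(text):
    """Return (major, minor, patch) from '8.83.26', 'v8.83.26' or '8.83.26+dfsg-2'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def has_fix(version_text):
    """True/False for branches named in the advisory, None for any other branch."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    return None if fixed is None else version >= fixed


def argc_argv_enabled(ini_text):
    """Value of the last register_argc_argv assignment; None if it is never set."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        m = re.match(r'register_argc_argv\s*=\s*"?([^"\s]*)"?$', line, re.I)
        if m:
            value = m.group(1).lower() in ON_VALUES
    return value


def triage(version_text, ini_text):
    """Combine both checks into one label (labels are this example's own)."""
    fix = has_fix(version_text)
    if fix is None:
        return "unknown-branch"
    if fix:
        return "fixed"
    setting = argc_argv_enabled(ini_text)
    if setting is None:
        return "unpatched-directive-unset"  # confirm the effective runtime value
    return "exposed" if setting else "unpatched-directive-off"
```

The comparison uses the upstream version only, so a distribution package that backports the fix without changing the upstream version would still be reported as unpatched.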