Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Environment manipulation via query string

High
taylorotwell publishedGHSA-gv7v-rgg6-548hNov 12, 2024

Package

composerlaravel/framework (Composer)

Affected versions

<6.20.45,>=7,<7.30.7,>=8,<8.83.28,>=9,<9.52.17,>=10,<10.48.23,>=11,<11.31.0

Patched versions

6.20.45,7.30.7,8.83.28,9.52.17,10.48.23,11.31.0

Description

Description

When theregister_argc_argv php directive is set toon , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.

Severity

High

CVE ID

CVE-2024-52301

Weaknesses

No CWEs
[8]ページ先頭
©2009-2025 Movatter.jp