Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zNjR3LTlnOTItM2dycc0XOA

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

Withdrawn

This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue.

Original CVE-based description

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. In some use cases, this may be related to file-type validation for image upload (e.g., differences between getClientOriginalExtension and other approaches).

Permalink: https://github.com/advisories/GHSA-364w-9g92-3grq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNjR3LTlnOTItM2dycc0XOA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago

Withdrawn: over 2 years ago

Identifiers: GHSA-364w-9g92-3grq, CVE-2021-43617
References: Repository: https://github.com/laravel/framework
Blast Radius: 0.0

Affected Packages

packagist:laravel/framework
Dependent packages: 14,120
Dependent repositories: 474,622
Downloads: 322,028,289 total
Affected Version Ranges: <= 8.70.2
No known fixed version
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.1.24, 4.1.25, 4.1.26, 4.1.27, 4.1.28, 4.1.29, 4.1.30, 4.1.31, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.2.15, 4.2.16, 4.2.17, 4.2.18, 4.2.19, 4.2.20, 4.2.21, 4.2.22, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.0.31, 5.0.32, 5.0.33, 5.0.34, 5.0.35, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40, 5.1.41, 5.1.42, 5.1.43, 5.1.44, 5.1.45, 5.1.46, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.2.20, 5.2.21, 5.2.22, 5.2.23, 5.2.24, 5.2.25, 5.2.26, 5.2.27, 5.2.28, 5.2.29, 5.2.30, 5.2.31, 5.2.32, 5.2.33, 5.2.34, 5.2.35, 5.2.36, 5.2.37, 5.2.38, 5.2.39, 5.2.40, 5.2.41, 5.2.42, 5.2.43, 5.2.44, 5.2.45, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.30, 5.3.31, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.4.16, 5.4.17, 5.4.18, 5.4.19, 5.4.20, 5.4.21, 5.4.22, 5.4.23, 5.4.24, 5.4.25, 5.4.26, 5.4.27, 5.4.28, 
5.4.29, 5.4.30, 5.4.31, 5.4.32, 5.4.33, 5.4.34, 5.4.35, 5.4.36, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 5.5.32, 5.5.33, 5.5.34, 5.5.35, 5.5.36, 5.5.37, 5.5.38, 5.5.39, 5.5.40, 5.5.41, 5.5.42, 5.5.43, 5.5.44, 5.5.45, 5.5.46, 5.5.47, 5.5.48, 5.5.49, 5.5.50, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.7.12, 5.7.13, 5.7.14, 5.7.15, 5.7.16, 5.7.17, 5.7.18, 5.7.19, 5.7.20, 5.7.21, 5.7.22, 5.7.23, 5.7.24, 5.7.25, 5.7.26, 5.7.27, 5.7.28, 5.7.29, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 5.8.10, 5.8.11, 5.8.12, 5.8.13, 5.8.14, 5.8.15, 5.8.16, 5.8.17, 5.8.18, 5.8.19, 5.8.20, 5.8.21, 5.8.22, 5.8.23, 5.8.24, 5.8.25, 5.8.26, 5.8.27, 5.8.28, 5.8.29, 5.8.30, 5.8.31, 5.8.32, 5.8.33, 5.8.34, 5.8.35, 5.8.36, 5.8.37, 5.8.38, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.8.0, 6.9.0, 6.10.0, 6.10.1, 6.11.0, 6.12.0, 6.13.0, 6.13.1, 6.14.0, 6.15.0, 6.15.1, 6.16.0, 6.17.0, 6.17.1, 6.18.0, 6.18.1, 6.18.2, 6.18.3, 6.18.4, 6.18.5, 6.18.6, 6.18.7, 6.18.8, 6.18.9, 6.18.10, 6.18.11, 6.18.12, 6.18.13, 6.18.14, 6.18.15, 6.18.16, 6.18.17, 6.18.18, 6.18.19, 6.18.20, 6.18.21, 6.18.22, 6.18.23, 6.18.24, 6.18.25, 6.18.26, 6.18.27, 6.18.28, 6.18.29, 6.18.30, 6.18.31, 6.18.32, 6.18.33, 6.18.34, 6.18.35, 6.18.36, 6.18.37, 6.18.38, 6.18.39, 6.18.40, 6.18.41, 6.18.42, 6.18.43, 6.19.0, 6.19.1, 6.20.0, 6.20.1, 6.20.2, 6.20.3, 6.20.4, 6.20.5, 6.20.6, 
6.20.7, 6.20.8, 6.20.9, 6.20.10, 6.20.11, 6.20.12, 6.20.13, 6.20.14, 6.20.15, 6.20.16, 6.20.17, 6.20.18, 6.20.19, 6.20.20, 6.20.21, 6.20.22, 6.20.23, 6.20.24, 6.20.25, 6.20.26, 6.20.27, 6.20.28, 6.20.29, 6.20.30, 6.20.31, 6.20.32, 6.20.33, 6.20.34, 6.20.35, 6.20.36, 6.20.37, 6.20.38, 6.20.39, 6.20.40, 6.20.41, 6.20.42, 6.20.43, 6.20.44, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.3.0, 7.4.0, 7.5.0, 7.5.1, 7.5.2, 7.6.0, 7.6.1, 7.6.2, 7.7.0, 7.7.1, 7.8.0, 7.8.1, 7.9.0, 7.9.1, 7.9.2, 7.10.0, 7.10.1, 7.10.2, 7.10.3, 7.11.0, 7.12.0, 7.13.0, 7.14.0, 7.14.1, 7.15.0, 7.16.0, 7.16.1, 7.17.0, 7.17.1, 7.17.2, 7.18.0, 7.19.0, 7.19.1, 7.20.0, 7.21.0, 7.22.0, 7.22.1, 7.22.2, 7.22.3, 7.22.4, 7.23.0, 7.23.1, 7.23.2, 7.24.0, 7.25.0, 7.26.0, 7.26.1, 7.27.0, 7.28.0, 7.28.1, 7.28.2, 7.28.3, 7.28.4, 7.29.0, 7.29.1, 7.29.2, 7.29.3, 7.30.0, 7.30.1, 7.30.2, 7.30.3, 7.30.4, 7.30.5, 7.30.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.11.1, 8.11.2, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.16.1, 8.17.0, 8.17.1, 8.17.2, 8.18.0, 8.18.1, 8.19.0, 8.20.0, 8.20.1, 8.21.0, 8.22.0, 8.22.1, 8.23.0, 8.23.1, 8.24.0, 8.25.0, 8.26.0, 8.26.1, 8.27.0, 8.28.0, 8.28.1, 8.29.0, 8.30.0, 8.30.1, 8.31.0, 8.32.0, 8.32.1, 8.33.0, 8.33.1, 8.34.0, 8.35.0, 8.35.1, 8.36.0, 8.36.1, 8.36.2, 8.37.0, 8.38.0, 8.39.0, 8.40.0, 8.41.0, 8.42.0, 8.42.1, 8.43.0, 8.44.0, 8.45.0, 8.45.1, 8.46.0, 8.47.0, 8.48.0, 8.48.1, 8.48.2, 8.49.0, 8.49.1, 8.49.2, 8.50.0, 8.51.0, 8.52.0, 8.53.0, 8.53.1, 8.54.0, 8.55.0, 8.56.0, 8.57.0, 8.58.0, 8.59.0, 8.60.0, 8.61.0, 8.62.0, 8.63.0, 8.64.0, 8.65.0, 8.66.0, 8.67.0, 8.68.0, 8.68.1, 8.69.0, 8.70.0, 8.70.1, 8.70.2