Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is

Laravel framework SQL injection via limit and offset functions

Impact

Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability.

Patches

This problem has been patched in Laravel versions 6.20.26, 7.30.5, and 8.40.0.

Workarounds

You may work around this vulnerability by ensuring that only integers are passed to the limit and offset functions, as well as the skip and take functions.
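
One way to apply this workaround, as an added example that is not part of the advisory or of Laravel's own code: the hypothetical helper `paginationInt()` accepts only plain decimal integers inside a caller-chosen range before they reach limit, offset, skip or take. The parameter names `per_page` and `offset`, the bounds and the `users` table are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Laravel): return a pagination value only
// if it is a plain decimal integer within [$min, $max]; otherwise throw.
function paginationInt($raw, int $default, int $min, int $max): int
{
    if ($raw === null || $raw === '') {
        return $default;                      // parameter absent: use default
    }
    if (is_int($raw)) {
        $value = $raw;
    } elseif (is_string($raw) && strlen($raw) <= 9 && ctype_digit($raw)) {
        // ctype_digit() is true only for a non-empty string of decimal
        // digits, so '-1', '1e3', '0x10' and '10 abc' are rejected rather
        // than coerced. The length cap keeps the cast inside the int range.
        $value = (int) $raw;
    } else {
        // Arrays, floats, booleans and mixed strings all end up here.
        throw new InvalidArgumentException('pagination value must be an integer');
    }
    if ($value < $min || $value > $max) {
        throw new InvalidArgumentException('pagination value out of range');
    }
    return $value;
}

// Constructed request parameters standing in for $request->query().
$query = ['per_page' => '25', 'offset' => '100'];

$limit  = paginationInt($query['per_page'] ?? null, 15, 1, 100);
$offset = paginationInt($query['offset'] ?? null, 0, 0, 1000000);

// In a Laravel application only these validated integers reach the query
// builder, for example:
//   DB::table('users')->skip($offset)->take($limit)->get();
printf("limit=%d offset=%d\n", $limit, $offset);

// Constructed non-integer inputs: each one is refused, not cast.
foreach (['10 abc', '1e3', '-1', ['5']] as $bad) {
    try {
        paginationInt($bad, 15, 1, 100);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($bad), "\n";
    }
}
```

Rejecting malformed values with an error, rather than casting them, also surfaces unexpected input in application logs while the framework upgrade is pending.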

Permalink: https://github.com/advisories/GHSA-wq8p-mqvg-2p5h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 6 months ago


Identifiers: GHSA-wq8p-mqvg-2p5h
References: Repository: https://github.com/laravel/framework
Blast Radius: 0.0

Affected Packages

packagist:laravel/framework
Dependent packages: 15,019
Dependent repositories: 474,622
Downloads: 368,484,953 total
Affected Version Ranges: >= 8.0.0, < 8.40.0; >= 7.0.0, < 7.30.5; >= 6.0.0, < 6.20.26
Fixed in: 8.40.0, 7.30.5, 6.20.26