Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jN3JtLXcyaGoteDhnM84AAl0W
Guard bypass in Eloquent models affecting Laravel illuminate database component
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment.
Permalink: https://github.com/advisories/GHSA-c7rm-w2hj-x8g3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jN3JtLXcyaGoteDhnM84AAl0W
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 5 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-c7rm-w2hj-x8g3, CVE-2020-24940
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-24940
- https://blog.laravel.com/security-release-laravel-61834-7232
- https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/database/CVE-2020-24940.yaml
- https://github.com/advisories/GHSA-c7rm-w2hj-x8g3
Affected Packages
packagist:illuminate/database
Dependent packages: 7,980
Dependent repositories: 29,173
Downloads: 39,300,473 total
Affected Version Ranges: >= 7.0.0, < 7.23.2; >= 6.0.0, < 6.18.34; >= 5.5.0, <= 5.5.44
Fixed in: 7.23.2, 6.18.34
All affected versions: 5.5.0, 5.5.2, 5.5.16, 5.5.17, 5.5.28, 5.5.33, 5.5.34, 5.5.35, 5.5.36, 5.5.37, 5.5.39, 5.5.40, 5.5.41, 5.5.43, 5.5.44, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.2.0, 6.3.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.8.0, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.13.1, 6.14.0, 6.15.0, 6.15.1, 6.16.0, 6.17.0, 6.17.1, 6.18.0, 6.18.1, 6.18.2, 6.18.3, 6.18.4, 6.18.5, 6.18.6, 6.18.7, 6.18.8, 6.18.9, 6.18.10, 6.18.11, 6.18.12, 6.18.13, 6.18.14, 6.18.15, 6.18.16, 6.18.17, 6.18.18, 6.18.19, 6.18.20, 6.18.21, 6.18.22, 6.18.23, 6.18.24, 6.18.25, 6.18.26, 6.18.27, 6.18.28, 6.18.29, 6.18.30, 6.18.31, 6.18.32, 6.18.33, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.3.0, 7.4.0, 7.5.0, 7.5.1, 7.5.2, 7.6.0, 7.6.1, 7.6.2, 7.7.0, 7.7.1, 7.8.0, 7.8.1, 7.9.0, 7.9.1, 7.9.2, 7.10.0, 7.10.1, 7.10.2, 7.10.3, 7.11.0, 7.12.0, 7.13.0, 7.14.0, 7.14.1, 7.15.0, 7.16.0, 7.16.1, 7.17.0, 7.17.1, 7.17.2, 7.18.0, 7.19.0, 7.19.1, 7.20.0, 7.21.0, 7.22.0, 7.22.1, 7.22.2, 7.22.3, 7.22.4, 7.23.0, 7.23.1
All unaffected versions: 1.0.0, 1.1.0, 1.1.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.1.24, 4.1.25, 4.1.26, 4.1.27, 4.1.28, 4.1.29, 4.1.30, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.12, 4.2.16, 4.2.17, 5.0.0, 5.0.4, 5.0.22, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.33, 5.1.1, 5.1.2, 5.1.6, 5.1.8, 5.1.13, 5.1.16, 5.1.20, 5.1.22, 5.1.25, 5.1.28, 5.1.30, 5.1.31, 5.1.41, 5.2.0, 5.2.6, 5.2.7, 5.2.19, 5.2.21, 5.2.24, 5.2.25, 5.2.26, 5.2.27, 5.2.28, 5.2.31, 5.2.32, 5.2.37, 5.2.43, 5.2.45, 5.3.0, 5.3.4, 5.3.16, 5.3.23, 5.4.0, 5.4.9, 5.4.13, 5.4.17, 5.4.19, 5.4.27, 5.4.36, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16, 5.6.17, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.7.15, 5.7.17, 5.7.18, 5.7.19, 5.7.20, 5.7.21, 5.7.22, 5.7.23, 5.7.26, 5.7.27, 5.7.28, 5.8.0, 5.8.2, 5.8.3, 5.8.4, 5.8.8, 5.8.9, 5.8.11, 5.8.12, 5.8.14, 5.8.15, 5.8.17, 5.8.18, 5.8.19, 5.8.20, 5.8.22, 5.8.24, 5.8.27, 5.8.28, 5.8.29, 5.8.30, 5.8.31, 5.8.32, 5.8.33, 5.8.34, 5.8.35, 5.8.36, 6.18.34, 6.18.35, 6.18.36, 6.18.37, 6.18.38, 6.18.39, 6.18.40, 6.18.41, 6.18.42, 6.18.43, 6.19.0, 6.19.1, 6.20.0, 6.20.1, 6.20.2, 6.20.3, 6.20.4, 6.20.5, 6.20.6, 6.20.7, 6.20.8, 6.20.9, 6.20.10, 6.20.11, 6.20.12, 6.20.13, 6.20.14, 6.20.15, 6.20.16, 6.20.17, 6.20.18, 6.20.19, 6.20.20, 6.20.21, 6.20.22, 6.20.23, 6.20.24, 6.20.25, 6.20.26, 6.20.27, 6.20.28, 6.20.29, 6.20.30, 6.20.31, 6.20.32, 6.20.33, 6.20.34, 6.20.35, 6.20.36, 6.20.37, 6.20.38, 6.20.39, 6.20.40, 6.20.41, 6.20.42, 6.20.43, 6.20.44, 7.23.2, 
7.24.0, 7.25.0, 7.26.0, 7.26.1, 7.27.0, 7.28.0, 7.28.1, 7.28.2, 7.28.3, 7.28.4, 7.29.0, 7.29.1, 7.29.2, 7.29.3, 7.30.0, 7.30.1, 7.30.2, 7.30.3, 7.30.4, 7.30.5, 7.30.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.11.1, 8.11.2, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.16.1, 8.17.0, 8.17.2, 8.18.0, 8.18.1, 8.19.0, 8.20.0, 8.20.1, 8.21.0, 8.22.0, 8.22.1, 8.23.1, 8.24.0, 8.25.0, 8.26.0, 8.26.1, 8.27.0, 8.28.0, 8.28.1, 8.29.0, 8.30.0, 8.30.1, 8.31.0, 8.32.0, 8.32.1, 8.33.0, 8.33.1, 8.34.0, 8.35.0, 8.35.1, 8.36.0, 8.36.1, 8.36.2, 8.37.0, 8.38.0, 8.39.0, 8.40.0, 8.41.0, 8.42.0, 8.42.1, 8.43.0, 8.44.0, 8.45.0, 8.45.1, 8.46.0, 8.47.0, 8.48.0, 8.48.1, 8.48.2, 8.49.0, 8.49.1, 8.49.2, 8.50.0, 8.51.0, 8.52.0, 8.53.0, 8.53.1, 8.54.0, 8.55.0, 8.56.0, 8.57.0, 8.58.0, 8.59.0, 8.60.0, 8.61.0, 8.62.0, 8.63.0, 8.64.0, 8.65.0, 8.66.0, 8.67.0, 8.68.0, 8.68.1, 8.69.0, 8.70.0, 8.70.1, 8.70.2, 8.71.0, 8.72.0, 8.73.0, 8.73.1, 8.73.2, 8.74.0, 8.75.0, 8.76.0, 8.76.1, 8.76.2, 8.77.0, 8.77.1, 8.78.0, 8.78.1, 8.79.0, 8.80.0, 8.81.0, 8.82.0, 8.83.0, 8.83.1, 8.83.2, 8.83.3, 8.83.4, 8.83.5, 8.83.6, 8.83.7, 8.83.8, 8.83.9, 8.83.10, 8.83.11, 8.83.12, 8.83.13, 8.83.14, 8.83.15, 8.83.16, 8.83.17, 8.83.18, 8.83.19, 8.83.20, 8.83.21, 8.83.22, 8.83.23, 8.83.24, 8.83.25, 8.83.26, 8.83.27, 9.0.0, 9.0.1, 9.0.2, 9.1.0, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.5.0, 9.5.1, 9.6.0, 9.7.0, 9.8.0, 9.8.1, 9.9.0, 9.10.0, 9.10.1, 9.11.0, 9.12.0, 9.12.1, 9.12.2, 9.13.0, 9.14.0, 9.14.1, 9.15.0, 9.16.0, 9.17.0, 9.18.0, 9.19.0, 9.20.0, 9.21.0, 9.21.1, 9.21.2, 9.21.3, 9.21.4, 9.21.5, 9.21.6, 9.22.0, 9.22.1, 9.23.0, 9.24.0, 9.25.0, 9.25.1, 9.26.0, 9.26.1, 9.27.0, 9.28.0, 9.29.0, 9.30.0, 9.30.1, 9.31.0, 9.32.0, 9.33.0, 9.34.0, 9.35.0, 9.35.1, 9.36.0, 9.36.1, 9.36.2, 9.36.3, 9.36.4, 9.37.0, 9.38.0, 9.39.0, 9.40.0, 9.40.1, 9.41.0, 9.42.0, 9.42.1, 9.42.2, 9.43.0, 9.44.0, 9.45.0, 9.45.1, 9.46.0, 9.47.0, 9.48.0, 9.49.0, 9.50.0, 
9.50.1, 9.50.2, 9.51.0, 9.52.0, 9.52.1, 9.52.2, 9.52.3, 9.52.4, 9.52.5, 9.52.6, 9.52.7, 9.52.8, 9.52.9, 9.52.10, 9.52.11, 9.52.12, 9.52.13, 9.52.14, 9.52.15, 9.52.16, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.4.0, 10.4.1, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.6.2, 10.7.0, 10.7.1, 10.8.0, 10.9.0, 10.10.0, 10.10.1, 10.11.0, 10.12.0, 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.5, 10.14.0, 10.14.1, 10.15.0, 10.16.0, 10.16.1, 10.17.0, 10.17.1, 10.18.0, 10.19.0, 10.20.0, 10.21.0, 10.21.1, 10.22.0, 10.23.0, 10.23.1, 10.24.0, 10.25.0, 10.25.1, 10.25.2, 10.26.0, 10.26.1, 10.26.2, 10.27.0, 10.28.0, 10.29.0, 10.30.0, 10.30.1, 10.31.0, 10.32.0, 10.32.1, 10.33.0, 10.34.0, 10.34.1, 10.34.2, 10.35.0, 10.36.0, 10.37.1, 10.37.2, 10.37.3, 10.38.0, 10.38.1, 10.38.2, 10.39.0, 10.40.0, 10.41.0, 10.42.0, 10.43.0, 10.44.0, 10.45.0, 10.45.1, 10.46.0, 10.47.0, 10.48.0, 10.48.1, 10.48.2, 10.48.3, 10.48.4, 10.48.5, 10.48.6, 10.48.7, 10.48.8, 10.48.9, 10.48.10, 10.48.11, 10.48.12, 10.48.13, 10.48.14, 10.48.15, 10.48.16, 10.48.17, 10.48.18, 10.48.19, 10.48.20, 10.48.22, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 11.1.0, 11.1.1, 11.2.0, 11.3.0, 11.3.1, 11.4.0, 11.5.0, 11.6.0, 11.7.0, 11.8.0, 11.9.0, 11.9.1, 11.9.2, 11.10.0, 11.11.0, 11.11.1, 11.12.0, 11.13.0, 11.14.0, 11.15.0, 11.16.0, 11.17.0, 11.18.0, 11.18.1, 11.19.0, 11.20.0, 11.21.0, 11.22.0, 11.23.0, 11.23.1, 11.23.2, 11.23.4, 11.23.5