Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj

Critical EPSS: 0.94287% (0.9993 Percentile) EPSS:
Permalink JSON

Unauthenticated remote code execution in Ignition

Affected Packages Affected Versions Fixed Versions
packagist:facade/ignition < 1.6.15, >= 1.7.0, < 1.16.14, >= 2.0.0, < 2.4.2, >= 2.5.0, < 2.5.2 1.6.15, 1.16.14, 2.4.2, 2.5.2
599 Dependent packages
209,863 Dependent repositories
99,239,506 Downloads total

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 1.8.2, 1.8.4, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 2.0.0, 2.0.1, 2.0.2, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.4.0, 2.4.1, 2.5.0, 2.5.1

All unaffected versions

1.6.15, 1.16.14, 1.16.15, 1.17.0, 1.18.0, 1.18.1, 2.4.2, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.14.0, 2.14.1, 2.15.0, 2.16.0, 2.16.1, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4, 2.17.5, 2.17.6, 2.17.7

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

References:

Identifiers

GHSA-4qwp-7c67-jmcc

CVE-2021-3129

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.94287

EPSS Percentile: 0.9993

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/facade/ignition

Date and time

Published

over 4 years ago

Updated

over 2 years ago

API

JSON