======================================================================
CERT-Renater Information Note No. 2024/VULN472
_____________________________________________________________________

DATE : 15/11/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Laravel versions prior to 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, 11.31.0.
=====================================================================

https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
_____________________________________________________________________

Environment manipulation via query string

taylorotwell published GHSA-gv7v-rgg6-548h on Nov 12, 2024

Package: laravel/framework (Composer)
Affected versions: <6.20.45, >=7,<7.30.7, >=8,<8.83.28, >=9,<9.52.17, >=10,<10.48.23, >=11,<11.31.0
Patched versions: 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, 11.31.0

Description
When the register_argc_argv PHP directive is set to On, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution
The framework now ignores argv values for environment detection on non-CLI SAPIs.

Severity: High
CVE ID: CVE-2024-52301
Weaknesses: No CWEs

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44             +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41             +
+ 75013 Paris        | email: cert@support.renater.fr   +
=========================================================
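The following is an added illustration of the flaw class and the fix described in the advisory; it is not Laravel's own code. It assumes PHP 8 or later, and the function names, the constructed argv array and the APP_ENV fallback are hypothetical.

```php
<?php
// Added illustration (not Laravel's code): environment detection that trusts
// argv on every SAPI, beside the hardened form that only trusts it under CLI.

// Shared helper: look for a "--env=<name>" argument in an argv-style array.
function envFromArgv(?array $argv): ?string
{
    foreach ($argv ?? [] as $arg) {
        if (str_starts_with($arg, '--env=')) {
            return substr($arg, strlen('--env='));
        }
    }
    return null;
}

// Vulnerable pattern: consults $_SERVER['argv'] regardless of the SAPI.
// With register_argc_argv=On, PHP also populates $_SERVER['argv'] for web
// requests (from the query string), so the value is attacker-influenced.
function detectEnvironmentUnsafe(callable $default, ?array $argv = null): string
{
    $argv ??= $_SERVER['argv'] ?? null;
    return envFromArgv($argv) ?? $default();
}

// Hardened pattern, mirroring the advisory's resolution: argv is only an
// input to environment detection when the process runs under the CLI SAPI.
function detectEnvironmentSafe(callable $default, ?array $argv = null, string $sapi = PHP_SAPI): string
{
    if ($sapi !== 'cli') {
        return $default();          // web SAPIs: ignore argv entirely
    }
    $argv ??= $_SERVER['argv'] ?? null;
    return envFromArgv($argv) ?? $default();
}

// Defender check: is the risky directive enabled for this PHP configuration?
function registerArgcArgvEnabled(): bool
{
    return filter_var(ini_get('register_argc_argv'), FILTER_VALIDATE_BOOLEAN);
}

// Demo with a constructed argv, as a web SAPI would see it when the
// directive is On. The default resolver reads APP_ENV or falls back.
$default = fn (): string => getenv('APP_ENV') ?: 'production';
$argv = ['index.php', '--env=local'];   // constructed sample input

echo 'unsafe, any SAPI : ', detectEnvironmentUnsafe($default, $argv), PHP_EOL;
echo 'safe, web SAPI   : ', detectEnvironmentSafe($default, $argv, 'fpm-fcgi'), PHP_EOL;
echo 'safe, cli SAPI   : ', detectEnvironmentSafe($default, $argv, 'cli'), PHP_EOL;
echo 'register_argc_argv enabled: ', var_export(registerArgcArgvEnabled(), true), PHP_EOL;
```

Run it under the CLI to compare the two resolvers; on a web server, the registerArgcArgvEnabled() check tells you whether the precondition in the advisory holds for that PHP configuration.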