CVE-2021-3129

Code Injection in packagist/facade/ignition

Identifiers

CVE-2021-3129

Package Slug

packagist/facade/ignition

Vulnerability

Code Injection

Description

Ignition, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel

Affected Versions

All versions before 2.5.2

Solution

Upgrade to version 2.5.2 or above.

Last Modified

2021-01-21

source