CVE-2021-43617

Unrestricted Upload of File with Dangerous Type in packagist/laravel/framework

Identifiers

CVE-2021-43617

Package Slug

packagist/laravel/framework

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

Laravel Framework does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. Note, this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Affected Versions

All versions up to 8.70.2

Solution

Upgrade to version 8.71.0 or above.

Last Modified

2021-11-19
