CVE-2022-31279

Deserialization of Untrusted Data in packagist/laravel/laravel

Identifiers

GHSA-vv7q-mfpc-qgm5, CVE-2022-31279

Package Slug

packagist/laravel/laravel

Vulnerability

Deserialization of Untrusted Data

Description

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialize POP chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.

Affected Versions

All versions up to 9.1.8

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-06-17
