CVE-2021-3129: Code Injection
Ignition, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel