CVE-2024-52301: Laravel environment manipulation via query string
(updated )
When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2024-52301.yaml
- github.com/advisories/GHSA-gv7v-rgg6-548h
- github.com/laravel/framework
- github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
- lists.debian.org/debian-lts-announce/2024/12/msg00019.html
- nvd.nist.gov/vuln/detail/CVE-2024-52301
Detect and mitigate CVE-2024-52301 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →