CVE-2021-43503: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

April 9, 2022 (updated April 12, 2022)

A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

References

github.com/advisories/GHSA-86r3-4gq8-xw8q
github.com/guoyanan1g/Laravel-vul/issues/2
nvd.nist.gov/vuln/detail/CVE-2021-43503

Detect and mitigate CVE-2021-43503 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →