Vulnerabilities > Laravel > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-19 CVE-2021-28254 Deserialization of Untrusted Data vulnerability in Laravel 8.5.9
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
network
low complexity
laravel CWE-502
critical
9.8
2022-08-17 CVE-2022-2870 Deserialization of Untrusted Data vulnerability in Laravel
A vulnerability was found in laravel 5.1 and classified as problematic.
network
low complexity
laravel CWE-502
critical
9.8
2021-11-14 CVE-2021-43617 Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian.
network
low complexity
laravel CWE-434
critical
9.8