CVE-2018-15133

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-15133

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15133.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-15133

Aliases

GHSA-qvqm-h22r-4cp9

Withdrawn

2024-05-15T05:33:08.821244Z

Published

2018-08-09T19:29:00Z

Modified

2024-01-17T02:46:02.574540Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

References

Affected packages

Git / github.com/laravel/framework

Affected ranges

Type: GIT
Repo: https://github.com/laravel/framework
Events: Introduced

56a58e0fa3d845bb992d7c64ac9bb6d0c24b745a

Type: GIT
Repo: https://github.com/laravel/laravel
Events: Introduced

ecfd939ff24aa7561f041c67773c1978b2a2a1b0

Affected versions

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.1.4

v10.1.5

v10.10.0

v10.10.1

v10.11.0

v10.12.0

v10.13.0

v10.13.1

v10.13.2

v10.13.3

v10.13.5

v10.14.0

v10.14.1

v10.15.0

v10.16.0

v10.16.1

v10.17.0

v10.17.1

v10.18.0

v10.19.0

v10.2.0

v10.2.1

v10.2.10

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.20.0

v10.21.0

v10.21.1

v10.22.0

v10.23.0

v10.23.1

v10.24.0

v10.25.0

v10.25.1

v10.25.2

v10.26.0

v10.26.1

v10.26.2

v10.27.0

v10.28.0

v10.29.0

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.30.0

v10.30.1

v10.31.0

v10.32.0

v10.32.1

v10.33.0

v10.34.0

v10.34.1

v10.34.2

v10.35.0

v10.36.0

v10.37.0

v10.37.1

v10.37.2

v10.37.3

v10.38.0

v10.38.1

v10.38.2

v10.39.0

v10.4.0

v10.4.1

v10.40.0

v10.41.0

v10.5.0

v10.5.1

v10.6.0

v10.6.1

v10.6.2

v10.7.0

v10.7.1

v10.8.0

v10.9.0

v5.*

v5.5.35

v5.5.36

v5.5.37

v5.5.38

v5.5.39

v5.5.40

v5.5.41

v5.5.42

v5.5.43

v5.5.44

v5.5.45

v5.5.46

v5.5.47

v5.5.48

v5.5.49

v5.6.0

v5.6.1

v5.6.10

v5.6.11

v5.6.12

v5.6.13

v5.6.14

v5.6.15

v5.6.16

v5.6.17

v5.6.18

v5.6.19

v5.6.2

v5.6.20

v5.6.21

v5.6.22

v5.6.23

v5.6.24

v5.6.25

v5.6.26

v5.6.27

v5.6.28

v5.6.29

v5.6.3

v5.6.30

v5.6.31

v5.6.32

v5.6.33

v5.6.34

v5.6.35

v5.6.36

v5.6.37

v5.6.38

v5.6.39

v5.6.4

v5.6.40

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.6.9

v5.7.0

v5.7.1

v5.7.10

v5.7.11

v5.7.12

v5.7.13

v5.7.14

v5.7.15

v5.7.16

v5.7.17

v5.7.18

v5.7.19

v5.7.2

v5.7.20

v5.7.21

v5.7.22

v5.7.23

v5.7.24

v5.7.25

v5.7.26

v5.7.27

v5.7.28

v5.7.29

v5.7.3

v5.7.4

v5.7.5

v5.7.6

v5.7.7

v5.7.8

v5.7.9

v5.8.0

v5.8.1

v5.8.10

v5.8.11

v5.8.12

v5.8.13

v5.8.14

v5.8.15

v5.8.16

v5.8.17

v5.8.18

v5.8.19

v5.8.2

v5.8.20

v5.8.21

v5.8.22

v5.8.23

v5.8.24

v5.8.25

v5.8.26

v5.8.27

v5.8.28

v5.8.29

v5.8.3

v5.8.30

v5.8.31

v5.8.32

v5.8.33

v5.8.34

v5.8.35

v5.8.36

v5.8.37

v5.8.38

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.8.8

v5.8.9

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.1.0

v6.10.0

v6.10.1

v6.11.0

v6.12.0

v6.13.0

v6.13.1

v6.14.0

v6.15.0

v6.15.1

v6.16.0

v6.17.0

v6.17.1

v6.18.0

v6.18.1

v6.18.10

v6.18.11

v6.18.12

v6.18.13

v6.18.14

v6.18.15

v6.18.16

v6.18.17

v6.18.18

v6.18.19

v6.18.2

v6.18.20

v6.18.21

v6.18.22

v6.18.23

v6.18.24

v6.18.25

v6.18.26

v6.18.27

v6.18.28

v6.18.29

v6.18.3

v6.18.30

v6.18.31

v6.18.32

v6.18.33

v6.18.34

v6.18.35

v6.18.36

v6.18.37

v6.18.38

v6.18.39

v6.18.4

v6.18.40

v6.18.41

v6.18.42

v6.18.43

v6.18.5

v6.18.6

v6.18.7

v6.18.8

v6.18.9

v6.19.0

v6.19.1

v6.2.0

v6.20.0

v6.20.1

v6.20.10

v6.20.11

v6.20.12

v6.20.13

v6.20.14

v6.20.15

v6.20.16

v6.20.17

v6.20.18

v6.20.19

v6.20.2

v6.20.20

v6.20.21

v6.20.22

v6.20.23

v6.20.24

v6.20.25

v6.20.26

v6.20.27

v6.20.28

v6.20.29

v6.20.3

v6.20.30

v6.20.31

v6.20.32

v6.20.33

v6.20.34

v6.20.35

v6.20.36

v6.20.37

v6.20.38

v6.20.39

v6.20.4

v6.20.40

v6.20.41

v6.20.42

v6.20.43

v6.20.44

v6.20.5

v6.20.6

v6.20.7

v6.20.8

v6.20.9

v6.3.0

v6.4.0

v6.4.1

v6.5.0

v6.5.1

v6.5.2

v6.6.0

v6.6.1

v6.6.2

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.1.0

v7.1.1

v7.1.2

v7.1.3

v7.10.0

v7.10.1

v7.10.2

v7.10.3

v7.11.0

v7.12.0

v7.13.0

v7.14.0

v7.14.1

v7.15.0

v7.16.0

v7.16.1

v7.17.0

v7.17.1

v7.17.2

v7.18.0

v7.19.0

v7.19.1

v7.2.0

v7.2.1

v7.2.2

v7.20.0

v7.21.0

v7.22.0

v7.22.1

v7.22.2

v7.22.3

v7.22.4

v7.23.0

v7.23.1

v7.23.2

v7.24.0

v7.25.0

v7.26.0

v7.26.1

v7.27.0

v7.28.0

v7.28.1

v7.28.2

v7.28.3

v7.28.4

v7.29.0

v7.29.1

v7.29.2

v7.29.3

v7.3.0

v7.30.0

v7.30.1

v7.30.2

v7.30.3

v7.30.4

v7.30.5

v7.30.6

v7.4.0

v7.5.0

v7.5.1

v7.5.2

v7.6.0

v7.6.1

v7.6.2

v7.7.0

v7.7.1

v7.8.0

v7.8.1

v7.9.0

v7.9.1

v7.9.2

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1.0

v8.10.0

v8.11.0

v8.11.1

v8.11.2

v8.12.0

v8.12.1

v8.12.2

v8.12.3

v8.13.0

v8.14.0

v8.15.0

v8.16.0

v8.16.1

v8.17.0

v8.17.1

v8.17.2

v8.18.0

v8.18.1

v8.19.0

v8.2.0

v8.20.0

v8.20.1

v8.21.0

v8.22.0

v8.22.1

v8.23.0

v8.23.1

v8.24.0

v8.25.0

v8.26.0

v8.26.1

v8.27.0

v8.28.0

v8.28.1

v8.29.0

v8.3.0

v8.30.0

v8.30.1

v8.31.0

v8.32.0

v8.32.1

v8.33.0

v8.33.1

v8.34.0

v8.35.0

v8.35.1

v8.36.0

v8.36.1

v8.36.2

v8.37.0

v8.38.0

v8.39.0

v8.4.0

v8.4.1

v8.4.2

v8.4.3

v8.4.4

v8.40.0

v8.41.0

v8.42.0

v8.42.1

v8.43.0

v8.44.0

v8.45.0

v8.45.1

v8.46.0

v8.47.0

v8.48.0

v8.48.1

v8.48.2

v8.49.0

v8.49.1

v8.49.2

v8.5.0

v8.5.1

v8.5.10

v8.5.11

v8.5.12

v8.5.13

v8.5.14

v8.5.15

v8.5.16

v8.5.17

v8.5.18

v8.5.19

v8.5.2

v8.5.20

v8.5.21

v8.5.22

v8.5.23

v8.5.24

v8.5.3

v8.5.4

v8.5.5

v8.5.6

v8.5.7

v8.5.8

v8.5.9

v8.50.0

v8.51.0

v8.52.0

v8.53.0

v8.53.1

v8.54.0

v8.55.0

v8.56.0

v8.57.0

v8.58.0

v8.59.0

v8.6.0

v8.6.1

v8.6.10

v8.6.11

v8.6.12

v8.6.2

v8.6.3

v8.6.4

v8.6.5

v8.6.6

v8.6.7

v8.6.8

v8.6.9

v8.60.0

v8.61.0

v8.62.0

v8.63.0

v8.64.0

v8.65.0

v8.66.0

v8.67.0

v8.68.0

v8.68.1

v8.69.0

v8.7.0

v8.7.1

v8.70.0

v8.70.1

v8.70.2

v8.71.0

v8.72.0

v8.73.0

v8.73.1

v8.73.2

v8.74.0

v8.75.0

v8.76.0

v8.76.1

v8.76.2

v8.77.0

v8.77.1

v8.78.0

v8.78.1

v8.79.0

v8.8.0

v8.80.0

v8.81.0

v8.82.0

v8.83.0

v8.83.1

v8.83.10

v8.83.11

v8.83.12

v8.83.13

v8.83.14

v8.83.15

v8.83.16

v8.83.17

v8.83.18

v8.83.19

v8.83.2

v8.83.20

v8.83.21

v8.83.22

v8.83.23

v8.83.24

v8.83.25

v8.83.26

v8.83.27

v8.83.3

v8.83.4

v8.83.5

v8.83.6

v8.83.7

v8.83.8

v8.83.9

v8.9.0

v9.*

v9.0.0

v9.0.0-beta.1

v9.0.0-beta.2

v9.0.0-beta.3

v9.0.0-beta.4

v9.0.0-beta.5

v9.0.1

v9.0.2

v9.1.0

v9.1.1

v9.1.10

v9.1.2

v9.1.3

v9.1.4

v9.1.5

v9.1.6

v9.1.7

v9.1.8

v9.1.9

v9.10.0

v9.10.1

v9.11.0

v9.12.0

v9.12.1

v9.12.2

v9.13.0

v9.14.0

v9.14.1

v9.15.0

v9.16.0

v9.17.0

v9.18.0

v9.19.0

v9.2.0

v9.2.1

v9.20.0

v9.21.0

v9.21.1

v9.21.2

v9.21.3

v9.21.4

v9.21.5

v9.21.6

v9.22.0

v9.22.1

v9.23.0

v9.24.0

v9.25.0

v9.25.1

v9.26.0

v9.26.1

v9.27.0

v9.28.0

v9.29.0

v9.3.0

v9.3.1

v9.3.10

v9.3.11

v9.3.12

v9.3.2

v9.3.3

v9.3.4

v9.3.5

v9.3.6

v9.3.7

v9.3.8

v9.3.9

v9.30.0

v9.30.1

v9.31.0

v9.32.0

v9.33.0

v9.34.0

v9.35.0

v9.35.1

v9.36.0

v9.36.1

v9.36.2

v9.36.3

v9.36.4

v9.37.0

v9.38.0

v9.39.0

v9.4.0

v9.4.1

v9.40.0

v9.40.1

v9.41.0

v9.42.0

v9.42.1

v9.42.2

v9.43.0

v9.44.0

v9.45.0

v9.45.1

v9.46.0

v9.47.0

v9.48.0

v9.49.0

v9.5.0

v9.5.1

v9.5.2

v9.50.0

v9.50.1

v9.50.2

v9.51.0

v9.52.0

v9.52.1

v9.52.10

v9.52.11

v9.52.12

v9.52.13

v9.52.14

v9.52.15

v9.52.16

v9.52.2

v9.52.3

v9.52.4

v9.52.5

v9.52.6

v9.52.7

v9.52.8

v9.52.9

v9.6.0

v9.7.0

v9.8.0

v9.8.1

v9.9.0