CVE-2021-3129
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-3129
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3129.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3129
- Aliases
- Published
- 2021-01-12T15:15:16Z
- Modified
- 2024-05-14T08:21:08.590053Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents() and fileputcontents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
- References
Affected packages
Git / github.com/facade/ignition
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facade/ignition
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.10.0
1.11.0
1.11.1
1.11.2
1.12.0
1.12.1
1.13.0
1.13.1
1.14.0
1.15.0
1.16.0
1.2.0
1.3.0
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.6.0
1.6.1
1.6.10
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.8.0
1.8.1
1.8.2
1.8.4
1.9.0
1.9.1
1.9.2
2.*
2.0.0
2.0.1
2.0.10
2.0.2
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.2.0
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.4.0
2.4.1
2.5.0
2.5.1