CVE-2021-43617

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43617
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43617.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43617
Published
2021-11-14T16:15:08Z
Modified
2025-02-19T03:22:05.723783Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

References

Affected packages

Debian:11 / php-laravel-framework

Package

Name
php-laravel-framework
Purl
pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.20.14+dfsg-2+deb11u1

Affected versions

6.*

6.20.14+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / php-laravel-framework

Package

Name
php-laravel-framework
Purl
pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.20.14+dfsg-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / php-laravel-framework

Package

Name
php-laravel-framework
Purl
pkg:deb/debian/php-laravel-framework?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.20.14+dfsg-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/laravel/framework

Affected ranges

Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dec9524cd0f9fa35a6eb8e25d0b40f8bbc8ec225

Affected versions

5.*

5.0.30
5.2.41
5.3

v4.*

v4.0.0
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.26
v4.1.27
v4.1.28
v4.1.29
v4.1.3
v4.1.30
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-BETA1
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9

v5.*

v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.2
v5.0.20
v5.0.21
v5.0.22
v5.0.23
v5.0.24
v5.0.25
v5.0.26
v5.0.27
v5.0.28
v5.0.29
v5.0.3
v5.0.31
v5.0.32
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.10
v5.1.11
v5.1.12
v5.1.13
v5.1.14
v5.1.15
v5.1.16
v5.1.17
v5.1.18
v5.1.19
v5.1.2
v5.1.20
v5.1.21
v5.1.22
v5.1.23
v5.1.24
v5.1.25
v5.1.26
v5.1.27
v5.1.28
v5.1.29
v5.1.3
v5.1.30
v5.1.31
v5.1.32
v5.1.33
v5.1.34
v5.1.35
v5.1.36
v5.1.37
v5.1.38
v5.1.39
v5.1.4
v5.1.40
v5.1.41
v5.1.42
v5.1.43
v5.1.44
v5.1.45
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.2.0
v5.2.0-beta1
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.26
v5.2.27
v5.2.28
v5.2.29
v5.2.3
v5.2.30
v5.2.31
v5.2.32
v5.2.33
v5.2.34
v5.2.35
v5.2.36
v5.2.37
v5.2.38
v5.2.39
v5.2.4
v5.2.40
v5.2.42
v5.2.43
v5.2.44
v5.2.45
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.3.0
v5.3.0-RC1
v5.3.1
v5.3.10
v5.3.11
v5.3.12
v5.3.13
v5.3.14
v5.3.15
v5.3.16
v5.3.17
v5.3.18
v5.3.19
v5.3.2
v5.3.20
v5.3.21
v5.3.22
v5.3.23
v5.3.24
v5.3.25
v5.3.26
v5.3.27
v5.3.28
v5.3.29
v5.3.3
v5.3.30
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.18
v5.4.19
v5.4.2
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.27
v5.4.28
v5.4.29
v5.4.3
v5.4.30
v5.4.31
v5.4.32
v5.4.33
v5.4.34
v5.4.35
v5.4.36
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.4.8
v5.4.9
v5.5.0
v5.5.1
v5.5.10
v5.5.11
v5.5.12
v5.5.13
v5.5.14
v5.5.15
v5.5.16
v5.5.17
v5.5.18
v5.5.19
v5.5.2
v5.5.20
v5.5.21
v5.5.22
v5.5.23
v5.5.24
v5.5.25
v5.5.26
v5.5.27
v5.5.28
v5.5.29
v5.5.3
v5.5.30
v5.5.31
v5.5.32
v5.5.33
v5.5.34
v5.5.35
v5.5.36
v5.5.37
v5.5.38
v5.5.39
v5.5.4
v5.5.40
v5.5.41
v5.5.42
v5.5.43
v5.5.44
v5.5.45
v5.5.46
v5.5.47
v5.5.48
v5.5.49
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v5.6.0
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.19
v5.6.2
v5.6.20
v5.6.21
v5.6.22
v5.6.23
v5.6.24
v5.6.25
v5.6.26
v5.6.27
v5.6.28
v5.6.29
v5.6.3
v5.6.30
v5.6.31
v5.6.32
v5.6.33
v5.6.34
v5.6.35
v5.6.36
v5.6.37
v5.6.38
v5.6.39
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.0
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.17
v5.7.18
v5.7.19
v5.7.2
v5.7.20
v5.7.21
v5.7.22
v5.7.23
v5.7.24
v5.7.25
v5.7.26
v5.7.27
v5.7.28
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.8.0
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.19
v5.8.2
v5.8.20
v5.8.21
v5.8.22
v5.8.23
v5.8.24
v5.8.25
v5.8.26
v5.8.27
v5.8.28
v5.8.29
v5.8.3
v5.8.30
v5.8.31
v5.8.32
v5.8.33
v5.8.34
v5.8.35
v5.8.36
v5.8.37
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9

v6.*

v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.1.0
v6.10.0
v6.10.1
v6.11.0
v6.12.0
v6.13.0
v6.13.1
v6.14.0
v6.15.0
v6.15.1
v6.16.0
v6.17.0
v6.17.1
v6.18.0
v6.18.1
v6.18.10
v6.18.11
v6.18.12
v6.18.13
v6.18.14
v6.18.15
v6.18.16
v6.18.17
v6.18.18
v6.18.19
v6.18.2
v6.18.20
v6.18.21
v6.18.22
v6.18.23
v6.18.24
v6.18.25
v6.18.26
v6.18.27
v6.18.28
v6.18.29
v6.18.3
v6.18.30
v6.18.31
v6.18.32
v6.18.33
v6.18.34
v6.18.35
v6.18.36
v6.18.37
v6.18.38
v6.18.39
v6.18.4
v6.18.40
v6.18.41
v6.18.42
v6.18.43
v6.18.5
v6.18.6
v6.18.7
v6.18.8
v6.18.9
v6.19.0
v6.19.1
v6.2.0
v6.20.0
v6.20.1
v6.20.10
v6.20.11
v6.20.12
v6.20.13
v6.20.14
v6.20.15
v6.20.16
v6.20.17
v6.20.18
v6.20.19
v6.20.2
v6.20.20
v6.20.21
v6.20.22
v6.20.23
v6.20.24
v6.20.25
v6.20.26
v6.20.27
v6.20.28
v6.20.29
v6.20.3
v6.20.30
v6.20.31
v6.20.32
v6.20.33
v6.20.34
v6.20.35
v6.20.36
v6.20.37
v6.20.4
v6.20.5
v6.20.6
v6.20.7
v6.20.8
v6.20.9
v6.3.0
v6.4.0
v6.4.1
v6.5.0
v6.5.1
v6.5.2
v6.6.0
v6.6.1
v6.6.2
v6.7.0
v6.8.0
v6.9.0

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.10.0
v7.10.1
v7.10.2
v7.10.3
v7.11.0
v7.12.0
v7.13.0
v7.14.0
v7.14.1
v7.15.0
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.2
v7.18.0
v7.19.0
v7.19.1
v7.2.0
v7.2.1
v7.2.2
v7.20.0
v7.21.0
v7.22.0
v7.22.1
v7.22.2
v7.22.3
v7.22.4
v7.23.0
v7.23.1
v7.23.2
v7.24.0
v7.25.0
v7.26.0
v7.26.1
v7.27.0
v7.28.0
v7.28.1
v7.28.2
v7.28.3
v7.28.4
v7.29.0
v7.29.1
v7.29.2
v7.29.3
v7.3.0
v7.30.0
v7.30.1
v7.30.2
v7.30.3
v7.30.4
v7.4.0
v7.5.0
v7.5.1
v7.5.2
v7.6.0
v7.6.1
v7.6.2
v7.7.0
v7.7.1
v7.8.0
v7.8.1
v7.9.0
v7.9.1
v7.9.2

v8.*

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.12.0
v8.12.1
v8.12.2
v8.12.3
v8.13.0
v8.14.0
v8.15.0
v8.16.0
v8.16.1
v8.17.0
v8.17.1
v8.17.2
v8.18.0
v8.18.1
v8.19.0
v8.2.0
v8.20.0
v8.20.1
v8.21.0
v8.22.0
v8.22.1
v8.23.0
v8.23.1
v8.24.0
v8.25.0
v8.26.0
v8.26.1
v8.27.0
v8.28.0
v8.28.1
v8.29.0
v8.3.0
v8.30.0
v8.30.1
v8.31.0
v8.32.0
v8.32.1
v8.33.0
v8.33.1
v8.34.0
v8.35.0
v8.35.1
v8.36.0
v8.36.1
v8.36.2
v8.37.0
v8.38.0
v8.39.0
v8.4.0
v8.40.0
v8.41.0
v8.42.0
v8.42.1
v8.43.0
v8.44.0
v8.45.0
v8.45.1
v8.46.0
v8.47.0
v8.48.0
v8.48.1
v8.48.2
v8.49.0
v8.49.1
v8.49.2
v8.5.0
v8.50.0
v8.51.0
v8.52.0
v8.53.0
v8.53.1
v8.54.0
v8.55.0
v8.56.0
v8.57.0
v8.58.0
v8.59.0
v8.6.0
v8.60.0
v8.61.0
v8.62.0
v8.63.0
v8.64.0
v8.65.0
v8.66.0
v8.67.0
v8.68.0
v8.68.1
v8.69.0
v8.7.0
v8.7.1
v8.70.0
v8.70.1
v8.70.2
v8.8.0
v8.9.0