GHSA-rj3w-99gc-8j58

Suggest an improvement
Source
https://github.com/advisories/GHSA-rj3w-99gc-8j58
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-rj3w-99gc-8j58/GHSA-rj3w-99gc-8j58.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rj3w-99gc-8j58
Published
2024-05-15T22:05:00Z
Modified
2024-05-15T22:16:03.075988Z
Summary
Laravel Risk of mass-assignment vulnerabilities
Details

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application is not vulnerable. However, if you are using guarded and are passing a user controlled array into an "update" or "save" type function, you should upgrade to 4.1.29 immediately as your application may be at risk of mass assignment.

References

Affected packages

Packagist / laravel/framework

Package

Name
laravel/framework
Purl
pkg:composer/laravel/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.29

Affected versions

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.20
v4.1.21
v4.1.22
v4.1.23
v4.1.24
v4.1.25
v4.1.26
v4.1.27
v4.1.28