Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T04:03:08.437Z

Reserved: 2021-11-14T00:00:00

Link: CVE-2021-43617

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-14T16:15:08.610

Modified: 2024-11-21T06:29:31.413

Link: CVE-2021-43617

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.