laravel-xhprof
laravel-xhprof copied to clipboard
bavix
laravel/framework-v10.45.0: 1 vulnerabilities (highest severity is: 5.5)
Vulnerable Library - laravel/framework-v10.45.0
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (laravel/framework-v10.45.0 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-29291 |  Medium |
5.5 | laravel/framework-v10.45.0 | Direct | laravel/framework - 9.x-dev,10.x-dev,dev-prep-l12,11.x-dev,dev-php8.1-fixes | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-29291
Vulnerable Library - laravel/framework-v10.45.0
Dependency Hierarchy:
- :x: laravel/framework-v10.45.0 (Vulnerable Library)
Found in base branch: master
Vulnerability Details
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
Publish Date: 2024-04-16
URL: CVE-2024-29291
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-29291
Release Date: 2024-04-16
Fix Resolution: laravel/framework - 9.x-dev,10.x-dev,dev-prep-l12,11.x-dev,dev-php8.1-fixes
Step up your Open Source Security Game with Mend here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}