laravel-gmail icon indicating copy to clipboard operation
laravel-gmail copied to clipboard

Published 20 hours ago verified publisher icon dacastro4

orchestra/testbench-v3.5.5: 2 vulnerabilities (highest severity is: 9.8)

Open mend-bolt-for-github[bot] opened this issue 2 years ago • 0 comments

Vulnerable Library - orchestra/testbench-v3.5.5

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in Remediation Available
WS-2020-0144 High 9.8 laravel/framework-v5.5.45 Transitive N/A
CVE-2021-43503 High 9.8 laravel/framework-v5.5.45 Transitive N/A

Details

WS-2020-0144

Vulnerable Library - laravel/framework-v5.5.45

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/52c79ecf54b6168a54730ccb6c4c9f3561732a80

Dependency Hierarchy:

  • orchestra/testbench-v3.5.5 (Root Library)
    • :x: laravel/framework-v5.5.45 (Vulnerable Library)

Vulnerability Details

Application's using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie" session driver in their production deployments.

Publish Date: 2020-07-27

URL: WS-2020-0144

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0144

Release Date: 2020-07-27

Fix Resolution: laravel/framework - 5.6.x-dev,5.7.x-dev,v6.18.31,5.0.x-dev,5.5.x-dev,5.2.x-dev,4.2.x-dev,5.2.41,6.x-dev,5.3,5.0.30,5.4.x-dev,5.1.x-dev,5.8.x-dev

Step up your Open Source Security Game with Mend here

CVE-2021-43503

Vulnerable Library - laravel/framework-v5.5.45

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/52c79ecf54b6168a54730ccb6c4c9f3561732a80

Dependency Hierarchy:

  • orchestra/testbench-v3.5.5 (Root Library)
    • :x: laravel/framework-v5.5.45 (Vulnerable Library)

Vulnerability Details

A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.

Publish Date: 2022-04-08

URL: CVE-2021-43503

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Apr 16 '22 01:04 mend-bolt-for-github[bot]