medium
6.1
CWE
79 327
Advisory Published
Advisory Published
Updated

CVE-2021-43808: Blade `@parent` Exploitation Leading To Possible XSS in Laravel

First published: Tue Dec 07 2021(Updated: )

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: ```html @section('content') <input value="{{ $value }}"> @show ``` resources/views/child.blade.php: ```html @extends('parent') @section('content') <input value="{{ $value }}"> @endsection ``` And a route like the following: ```php Route::get('/example', function() { $value = '//localhost/###parent-placeholder-040f06fd774092478d450774f5ba30c5da78acc8## onclick=location.assign(this.value);//'; return view('child', ['value' => $value]); }); ``` The broken HTML element may be clicked and the user is taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched by determining the parent placeholder at runtime and using a random hash that is unique to each request.

Credit: security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
composer/illuminate/view<6.20.42>=7.0.0<7.30.6>=8.0.0<8.75.0
composer/laravel/framework<6.20.42>=7.0.0<7.30.6>=8.0.0<8.75.0
Laravel Framework<6.20.42
Laravel Framework>=7.0.0<7.30.6
Laravel Framework>=8.0.0<8.75.0
composer/illuminate/view>=8.0.0<8.75.0
8.75.0
composer/illuminate/view>=7.0.0<7.30.6
7.30.6
composer/illuminate/view<6.20.42
6.20.42
composer/laravel/framework>=8.0.0<8.75.0
8.75.0
composer/laravel/framework>=7.0.0<7.30.6
7.30.6
composer/laravel/framework<6.20.42
6.20.42
<6.20.42
>=7.0.0<7.30.6
>=8.0.0<8.75.0

Remedy

https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b

Remedy

https://github.com/laravel/framework/pull/39906

Remedy

https://github.com/laravel/framework/pull/39908

Remedy

https://github.com/laravel/framework/pull/39909

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-43808?

    CVE-2021-43808 is a possible cross-site scripting (XSS) vulnerability in the Blade templating engine in Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42.

  • How can a broken HTML element be exploited in the XSS vulnerability?

    A broken HTML element may be clicked and the user taken to another location in their browser due to XSS.

  • Which versions of Laravel are affected by CVE-2021-43808?

    Laravel versions prior to 8.75.0, 7.30.6, and 6.20.42 are affected by CVE-2021-43808.

  • What is the severity of CVE-2021-43808?

    CVE-2021-43808 has a severity score of 6.1, which is considered medium.

  • How can I fix the XSS vulnerability in Laravel?

    To fix the XSS vulnerability in Laravel, update to version 8.75.0, 7.30.6, or 6.20.42 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203