CVE-2022-2870: laravel deserialization
First published: Wed Aug 17 2022(Updated: )
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Laravel Framework | >=5.1.0<=5.1.46 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-2870?
CVE-2022-2870 is classified as a problematic vulnerability affecting Laravel 5.1.
How do I fix CVE-2022-2870?
To fix CVE-2022-2870, upgrade Laravel to a version later than 5.1.46.
What are the potential impacts of exploiting CVE-2022-2870?
Exploiting CVE-2022-2870 can lead to remote deserialization attacks which may compromise application integrity.
Which versions of Laravel are affected by CVE-2022-2870?
CVE-2022-2870 affects Laravel versions from 5.1.0 to 5.1.46.
Is CVE-2022-2870 publicly known and exploit available?
Yes, CVE-2022-2870 has been disclosed publicly and exploits may be available.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/laravel
- canonical/laravel framework
- version/laravel framework/5.1.0
- version/laravel framework/5.1.46