CVE-2022-2886: Laravel deserialization
First published: Fri Aug 19 2022(Updated: )
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Laravel Laravel | >=5.1.0<=5.1.46 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-2886?
The severity of CVE-2022-2886 is high with a CVSS score of 8.8.
How does CVE-2022-2886 affect Laravel 5.1?
CVE-2022-2886 affects Laravel 5.1 through an unknown function that allows remote attackers to perform deserialization attacks.
Is CVE-2022-2886 publicly disclosed?
Yes, CVE-2022-2886 has been disclosed to the public and may be actively exploited.
Can CVE-2022-2886 be exploited remotely?
Yes, CVE-2022-2886 can be exploited remotely.
How can I fix the vulnerability in Laravel 5.1?
To fix the vulnerability in Laravel 5.1, it is recommended to upgrade to a version above 5.1.46.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/laravel
- canonical/laravel laravel
- version/laravel laravel/5.1.0
- version/laravel laravel/5.1.46