What is the severity of GHSA-jwvj-pwww-3mj5?

The severity of GHSA-jwvj-pwww-3mj5 is classified as high due to potential data validation issues.

How do I fix GHSA-jwvj-pwww-3mj5?

To fix GHSA-jwvj-pwww-3mj5, upgrade Laravel framework to versions 8.24.0, 7.30.4, or 6.20.14 as applicable.

What types of Laravel framework versions are affected by GHSA-jwvj-pwww-3mj5?

GHSA-jwvj-pwww-3mj5 affects Laravel framework versions between 6.0.0 and 6.20.14, 7.0.0 and 7.30.4, and 8.0.0 and 8.24.0.

What is the main issue addressed in GHSA-jwvj-pwww-3mj5?

GHSA-jwvj-pwww-3mj5 addresses issues with inputs being incorrectly handled when a non-array field is treated as an array.

Is manual intervention required after fixing GHSA-jwvj-pwww-3mj5?

Yes, after upgrading to the recommended versions for GHSA-jwvj-pwww-3mj5, manual verification of input validation may be necessary.

Vulnerability/
GHSA-jwvj-pwww-3mj5

15/5/2024

GHSA-jwvj-pwww-3mj5

First published: Wed May 15 2024(Updated: )

This is a follow-up to the security advisory https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.

Affected Software	Affected Version	How to fix
composer/laravel/framework	>=8.0.0<8.24.0	8.24.0
composer/laravel/framework	>=7.0.0<7.30.4	7.30.4
composer/laravel/framework	>=6.0.0<6.20.14	6.20.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of GHSA-jwvj-pwww-3mj5?
The severity of GHSA-jwvj-pwww-3mj5 is classified as high due to potential data validation issues.
How do I fix GHSA-jwvj-pwww-3mj5?
To fix GHSA-jwvj-pwww-3mj5, upgrade Laravel framework to versions 8.24.0, 7.30.4, or 6.20.14 as applicable.
What types of Laravel framework versions are affected by GHSA-jwvj-pwww-3mj5?
GHSA-jwvj-pwww-3mj5 affects Laravel framework versions between 6.0.0 and 6.20.14, 7.0.0 and 7.30.4, and 8.0.0 and 8.24.0.
What is the main issue addressed in GHSA-jwvj-pwww-3mj5?
GHSA-jwvj-pwww-3mj5 addresses issues with inputs being incorrectly handled when a non-array field is treated as an array.
Is manual intervention required after fixing GHSA-jwvj-pwww-3mj5?
Yes, after upgrading to the recommended versions for GHSA-jwvj-pwww-3mj5, manual verification of input validation may be necessary.

collector/github-advisory-latest
source/GitHub
alias/GHSA-jwvj-pwww-3mj5
agent/software-canonical-lookup
agent/references
agent/severity
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/event
agent/type
agent/description
collector/github-advisory
agent/tags
agent/source
package-manager/composer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.