Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php. (CVSS:7.5) (Last Update:2022-05-24)
http://dlvr.it/SR2c3n
No comments:
Post a Comment