Wednesday, May 25, 2022

CVE-2022-30778

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php. (CVSS:7.5) (Last Update:2022-05-24)
http://dlvr.it/SR2c3n

No comments:

Post a Comment

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This mea...