CVE-2020-24940
HIGH7.5EPSS 0.26%Guard bypass in Eloquent models affecting Laravel illuminate database component
Published: 5/24/2022Modified: 11/29/2024
Description
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment.
Affected packages (2)
- Bitnami/laravelfrom 0, < 6.18.34, >= 7.0.0, < 7.23.2
- Packagist/illuminate/database>= 5.5.0, <= 5.5.44
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |