CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.

When the settings "handle\_static" is true, LaravelS is affected by a LFI vulnerability.

public function handleStatic(IlluminateRequest $request)
{
    $uri = $request\->getRequestUri();
    if (isset(self::$staticBlackList\[$uri\])) {
        return false;
    }
    $uri = (string)str\_replace("\\0", '', urldecode($uri));

    $requestFile = $this\->conf\['static\_path'\] . $uri;
    if (is\_file($requestFile)) {
        return $this\->createStaticResponse($requestFile, $request);
    }
    ...

Headline

CVE-2023-29931: Local File Inclusion (LFI) vulnerability · Issue #437 · hhxsv5/laravel-s

Related news

CVE: Latest News