Headline
GHSA-vv7q-mfpc-qgm5: Unserialized Pop Chain in Laravel
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.
Unserialized Pop Chain in Laravel
High severity GitHub Reviewed Published Jun 8, 2022 • Updated Jun 8, 2022
Related news
CVE-2022-31279: Laravel 9.1.8 POP chain3 · Issue #3 · 1nhann/vulns
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.