CVE-2021-21263

NameCVE-2021-21263
DescriptionLaravel is a web application framework. Versions of Laravel before 6.2 ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs980095, 980899

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-illuminate-database (PTS)buster5.7.27-1vulnerable
php-laravel-framework (PTS)sid, bookworm, bullseye6.20.14+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-illuminate-databasesource(unstable)(unfixed)980899
php-laravel-frameworksource(unstable)6.20.11+dfsg-1980095

Notes

https://blog.laravel.com/security-laravel-62011-7302-8221-released
https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
https://github.com/laravel/framework/pull/35865

Search for package or bug name: Reporting problems