Vulnerabilities for framework

laravel / framework

Title	Severity	Date	Affected Version
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior	Medium	May 15, 2024	< 5.5.40 >= 5.6.0 < 5.6.15
Laravel Hijacked authentication cookies vulnerability	Medium	May 15, 2024	>= 4.0.0 < 4.1.26
Laravel Risk of mass-assignment vulnerabilities	Medium	May 15, 2024	>= 4.0.0 < 4.1.29
CVE-2022-40482	Medium	Apr 25, 2023	>= 8.0.0 < 8.83.24 >= 9.0.0 < 9.32.0
CVE-2020-19316	High	Dec 20, 2021	< 5.8.17
CVE-2021-43808	Medium	Dec 8, 2021	< 6.20.42 >= 7.0.0 < 7.30.6 >= 8.0.0 < 8.75.0
CVE-2021-43617	Critical	Nov 14, 2021	<= 8.70.2
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database	High	Apr 29, 2021	>= 8.0.0 < 8.40.0 < 6.20.26
Unexpected database bindings	High	Feb 2, 2021	< 6.20.14 >= 7.0.0 < 7.30.4 >= 8.0.0 < 8.24.0
CVE-2021-21263	High	Jan 19, 2021	< 6.20.12 >= 7.0.0 < 7.30.3 >= 8.0.0 < 8.22.1

Title	Severity	Date	Affected Version
CVE-2022-24711	Critical	Feb 28, 2022	< 4.1.9
CVE-2022-21715	Medium	Jan 24, 2022	< 4.1.8
CVE-2022-21647	High	Jan 4, 2022	< 4.1.6

Title	Severity	Date	Affected Version
silverstripe/framework may disclose database credentials during connection failure	Medium	May 28, 2024	>= 3.7.0-rc1 < 3.7.1 >= 4.0.0-rc1 < 4.0.5 >= 4.1.0-rc1 < 4.1.3 >= 4.2.0-rc1 < 4.2.2
silverstripe/framework allows upload of dangerous file types	High	May 27, 2024	>= 3.6.5-rc1 < 3.6.6 >= 4.0.3-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework vulnerable to member disclosure in login form	Medium	May 27, 2024	>= 4.0.0-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework sends passwords back to browsers under some circumstances	Low	May 27, 2024	>= 3.5.5-rc1 < 3.7.0 >= 4.0.3-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework uploaded PHP script execution in assets	Medium	May 27, 2024	>= 4.0.0-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework code execution vulnerability	High	May 27, 2024	>= 4.0.3-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework BackURL validation bypass with malformed URLs	High	May 27, 2024	>= 4.0.0-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms	Medium	May 27, 2024	>= 4.0.0-rc1 < 4.0.1
silverstripe/framework Privilege Escalation Risk in Member Edit form	Medium	May 27, 2024	>= 3.5.7-rc1 < 3.5.8 >= 3.6.0-rc1 < 3.6.6 >= 4.0.0-rc1 < 4.0.4 >= 4.1.0-rc1 < 4.1.1
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded	Medium	May 27, 2024	>= 4.0.0-rc1 < 4.0.4 >= 4.1.0rc1 < 4.1.1