| purl | pkg:composer/laravel/framework@5.5.40 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1apm-fx9d-3ufe (Aliases: CVE-2018-15133, GHSA-qvqm-h22r-4cp9) | Laravel Framework RCE Vulnerability. In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in `Illuminate/Encryption/Encrypter.php` and PendingBroadcast in `gadgetchains/Laravel/RCE/3/chain.php` in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-aju9-h338-mfhf | Cryptographic Issues. Exploit of encryption failure vulnerability | GMS-2018-72 |
| VCID-zg1j-9fvd-bqek | Unsafe payload decryption. There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons. | GMS-2018-27 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:43:26.273106+00:00 | GitLab Importer | Affected by | VCID-1apm-fx9d-3ufe | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2018-15133.yml | 38.6.0 |
| 2026-06-02T04:37:37.447306+00:00 | GitLab Importer | Fixing | VCID-aju9-h338-mfhf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2018-72.yml | 38.6.0 |
| 2026-06-02T04:37:37.282618+00:00 | GitLab Importer | Fixing | VCID-zg1j-9fvd-bqek | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GMS-2018-27.yml | 38.6.0 |