Package details: pkg:composer/laravel/framework@6.20.44
purl pkg:composer/laravel/framework@6.20.44
Next non-vulnerable version 10.48.29
Latest non-vulnerable version 12.1.1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fhw2-erwk-fqf4
Aliases:
CVE-2024-52301
GHSA-gv7v-rgg6-548h
Laravel environment manipulation via query string. When the `register_argc_argv` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request.
6.20.45
Affected by 1 other vulnerability.
7.30.7
Affected by 1 other vulnerability.
8.83.28
Affected by 1 other vulnerability.
9.0.0-beta.1
Affected by 2 other vulnerabilities.
9.52.17
Affected by 1 other vulnerability.
10.48.23
Affected by 1 other vulnerability.
11.31.0
Affected by 3 other vulnerabilities.
VCID-tzy8-b9et-fyd9
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4
Laravel has a File Validation Bypass. When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.
10.48.29
Affected by 0 other vulnerabilities.
11.44.1
Affected by 0 other vulnerabilities.
12.1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-pyw4-3cc2-nuc4
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Aliases:
CVE-2019-9081
GHSA-pfg4-p438-p874