VulnerableCode Package Details - pkg:composer/laravel/framework@9.31.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-fhw2-erwk-fqf4 Aliases: CVE-2024-52301 GHSA-gv7v-rgg6-548h	Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.	9.52.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.48.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.31.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-su5t-5e4w-fbc2 Aliases: CVE-2022-40482	Observable Discrepancy The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.	9.32.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tzy8-b9et-fyd9 Aliases: CVE-2025-27515 GHSA-78fx-h6xr-vch4	Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.	10.48.29 Affected by 0 other vulnerabilities. 11.44.1 Affected by 0 other vulnerabilities. 12.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fhw2-erwk-fqf4
Aliases:
CVE-2024-52301
GHSA-gv7v-rgg6-548h

Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

9.52.17
Affected by 1 other vulnerability.

10.48.23
Affected by 1 other vulnerability.

11.31.0
Affected by 3 other vulnerabilities.

VCID-su5t-5e4w-fbc2
Aliases:
CVE-2022-40482

Observable Discrepancy The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.

9.32.0
Affected by 2 other vulnerabilities.

VCID-tzy8-b9et-fyd9
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4

Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.

10.48.29
Affected by 0 other vulnerabilities.

11.44.1
Affected by 0 other vulnerabilities.

12.1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:41:30.782982+00:00	GitLab Importer	Affected by	VCID-tzy8-b9et-fyd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2025-27515.yml	38.6.0
2026-06-06T05:30:57.932936+00:00	GitLab Importer	Affected by	VCID-fhw2-erwk-fqf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2024-52301.yml	38.6.0
2026-06-06T03:42:23.022728+00:00	GitLab Importer	Affected by	VCID-su5t-5e4w-fbc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2022-40482.yml	38.6.0