VulnerableCode Package Details - pkg:composer/laravel/framework@9.32.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-fhw2-erwk-fqf4 Aliases: CVE-2024-52301 GHSA-gv7v-rgg6-548h	Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.	9.52.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.48.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.31.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tzy8-b9et-fyd9 Aliases: CVE-2025-27515 GHSA-78fx-h6xr-vch4	Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.	10.48.29 Affected by 0 other vulnerabilities. 11.44.1 Affected by 0 other vulnerabilities. 12.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fhw2-erwk-fqf4
Aliases:
CVE-2024-52301
GHSA-gv7v-rgg6-548h

Laravel environment manipulation via query string When the `register_argc_argv php` directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

9.52.17
Affected by 1 other vulnerability.

10.48.23
Affected by 1 other vulnerability.

11.31.0
Affected by 3 other vulnerabilities.

VCID-tzy8-b9et-fyd9
Aliases:
CVE-2025-27515
GHSA-78fx-h6xr-vch4

Laravel has a File Validation Bypass When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.

10.48.29
Affected by 0 other vulnerabilities.

11.44.1
Affected by 0 other vulnerabilities.

12.1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-su5t-5e4w-fbc2	Observable Discrepancy The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.	CVE-2022-40482

Vulnerability

Summary

Aliases

VCID-su5t-5e4w-fbc2

Observable Discrepancy The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.

CVE-2022-40482

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:41:30.787493+00:00	GitLab Importer	Affected by	VCID-tzy8-b9et-fyd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2025-27515.yml	38.6.0
2026-06-06T05:30:57.937043+00:00	GitLab Importer	Affected by	VCID-fhw2-erwk-fqf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2024-52301.yml	38.6.0
2026-06-02T04:44:39.737382+00:00	GitLab Importer	Fixing	VCID-su5t-5e4w-fbc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/CVE-2022-40482.yml	38.6.0