Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cesargb/laravel-magiclink@2.12.0
Type composer
Namespace cesargb
Name laravel-magiclink
Version 2.12.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.25.1
Latest_non_vulnerable_version 2.25.1
Affected_by_vulnerabilities
0
url VCID-gdgt-wxnc-fbfr
vulnerability_id VCID-gdgt-wxnc-fbfr
summary
MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
MagicLink stores serialized action objects in the `magic_links.action` database column and deserializes them without integrity validation or class allowlisting in [src/MagicLink.php](src/MagicLink.php#L59-L77) and [src/Actions/ResponseAction.php](src/Actions/ResponseAction.php#L64-L77). An attacker with the ability to manipulate database records (e.g., via SQL injection or compromised admin access) could inject malicious serialized objects containing arbitrary closures, leading to Remote Code Execution (RCE) when the magic link is visited.
references
0
reference_url https://github.com/cesargb/laravel-magiclink
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cesargb/laravel-magiclink
1
reference_url https://github.com/cesargb/laravel-magiclink/releases/tag/v2.25.1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cesargb/laravel-magiclink/releases/tag/v2.25.1
2
reference_url https://github.com/advisories/GHSA-r33w-fg8j-9c94
reference_id GHSA-r33w-fg8j-9c94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r33w-fg8j-9c94
3
reference_url https://github.com/cesargb/laravel-magiclink/security/advisories/GHSA-r33w-fg8j-9c94
reference_id GHSA-r33w-fg8j-9c94
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cesargb/laravel-magiclink/security/advisories/GHSA-r33w-fg8j-9c94
fixed_packages
0
url pkg:composer/cesargb/laravel-magiclink@2.25.1
purl pkg:composer/cesargb/laravel-magiclink@2.25.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cesargb/laravel-magiclink@2.25.1
aliases GHSA-r33w-fg8j-9c94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgt-wxnc-fbfr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cesargb/laravel-magiclink@2.12.0