Mass Assignment Vulnerability in Laravel Framework by Laravel
CVE-2020-24940

7.5HIGH

Key Information:

Vendor: Laravel
Status: Laravel
Vendor: CVE Published:; 4 September 2020

What is CVE-2020-24940?

A mass assignment vulnerability was identified in the Laravel framework, present in versions prior to 6.18.34 and 7.x before 7.23.2. This issue occurs when unvalidated values are inadvertently saved to the database during mass assignment, specifically when table names are stripped. As a result, this flaw could allow an attacker to manipulate data in unintended ways. It is crucial for developers using affected versions to apply patches and ensure secure coding practices to safeguard their applications from potential exploitation.

References

https://blog.laravel.com/security-release-laravel-61834-7232

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2020
Vulnerability Reserved
Aug 28, 2020