File Upload Vulnerability in Spatie Media Library Pro for Laravel
CVE-2021-45040
9.8CRITICAL
What is CVE-2021-45040?
The Spatie Media Library Pro library, utilized in Laravel applications, has a vulnerability that permits remote attackers to upload executable files through the uploads route. This exploit potentially enables unauthorized execution of malicious code, thereby raising severe security concerns for affected applications. Developers using versions up to 1.17.10 or 2.1.6 should implement necessary mitigations or upgrade their libraries to safeguard against potential attacks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved