Remote Code Execution Vulnerability in Laravel Pulse Monitoring Tool
CVE-2024-55661
Currently unrated
What is CVE-2024-55661?
A vulnerability in Laravel Pulse prior to version 1.3.1 could enable remote code execution through the public remember() method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait. This method is exposed via Livewire components, potentially permitting an authenticated user with access to the Laravel Pulse dashboard to execute arbitrary code. The vulnerability becomes critical when an attacker can exploit the remember(callable $query, string $key = '') method, allowing them to invoke any function or static method without restrictions on parameters. All Pulse card components utilizing this trait are affected. Version 1.3.1 addresses this vulnerability.
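The PHP sketch below is an added illustration, not code from Laravel Pulse or Livewire. It shows why a public method that takes a callable is risky on a component whose public methods can be named by the client, next to a non-public variant. The dispatch() function, both traits, both card classes and constructed_marker() are hypothetical, and the visibility change is an assumed hardening, not a description of the 1.3.1 patch.

```php
<?php
// Constructed illustration; not Laravel Pulse or Livewire source.
function constructed_marker(): string // stands in for "any function"
{
    return 'invoked by name from client input';
}

trait ExposedRemember
{
    // Signature as quoted in the advisory; body simplified.
    public function remember(callable $query, string $key = '')
    {
        return $query();
    }
}

trait InternalRemember
{
    // Assumed hardening: same helper, no longer public.
    protected function remember(callable $query, string $key = '')
    {
        return $query();
    }
}

final class ExposedCard { use ExposedRemember; }

final class InternalCard
{
    use InternalRemember;
    public function render(): string
    {
        return $this->remember(fn () => 'server-chosen query');
    }
}

// Toy stand-in for a framework that lets the browser name a public method.
function dispatch(object $component, string $method, array $args)
{
    if (!is_callable([$component, $method])) { // protected methods fail here
        throw new RuntimeException("refused: $method");
    }
    return $component->$method(...$args);
}

// A plain string satisfies PHP's callable type when it names a function.
echo dispatch(new ExposedCard(), 'remember', ['constructed_marker']), PHP_EOL;
try {
    dispatch(new InternalCard(), 'remember', ['constructed_marker']);
} catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
echo (new InternalCard())->render(), PHP_EOL;
```

When auditing your own Livewire components, the same pattern to look for is any public method whose parameters are typed callable or are otherwise passed to a dynamic call.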