CVE-2022-31114
Description
backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in resources/views/errors and output e($exception->getMessage()) instead of $exception->getMessage().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
backpack/crudPackagist | >= 5.0.0, < 5.0.13 | 5.0.13 |
backpack/crudPackagist | >= 4.1.0, < 4.1.69 | 4.1.69 |
backpack/crudPackagist | < 4.0.63 | 4.0.63 |
Affected products
3- Range: <5.0.13,>=4.1.69,<4.1.69,>=4.0.63,<4.0.63
- Range: <5.0.13, <4.1.69, <4.0.63
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.