Packagist (Composer) package
illuminate/database
pkg:composer/illuminate/database
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21263 | — | >= 7.0.0, < 7.30.3 | 7.30.3 | Jan 19, 2021 | Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non- | ||
| CVE-2020-24940 | — | >= 5.5.0, <= 5.5.44 | — | Sep 4, 2020 | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. |
- CVE-2021-21263Jan 19, 2021affected >= 7.0.0, < 7.30.3fixed 7.30.3
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-
- CVE-2020-24940Sep 4, 2020affected >= 5.5.0, <= 5.5.44
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.