[pkg-php-pear] Bug#980899: Bug#980899: php-illuminate-database: CVE-2021-21263 Query Binding Exploitation
David Prévot
taffit at debian.org
Tue Feb 2 15:20:06 GMT 2021
Le 23/01/2021 à 18:49, David Prévot a écrit :
> Package: php-illuminate-database
> Version: 5.7.27-1
[…]
> A quick look at the php-illuminate-database code, as shipped in stable,
> makes me think that it is probably vulnerable to CVE-2021-21263 as fixed
> in 6.20.11
Also, since the CVE-2021-21263 fix was incomplete, upstream released
another security update as 6.20.14.
https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
Regards
David
More information about the pkg-php-pear
mailing list