| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| laravel/framework | composer | >= 12.0.0, < 12.1.1 | 12.1.1 |
| laravel/framework | composer | >= 11.0.0, < 11.44.1 | 11.44.1 |
| laravel/framework | composer | < 10.48.29 | 10.48.29 |

The core vulnerability stems from how array keys were processed during validation. The commit shows critical changes to:

`validateUsingCustomRule` was vulnerable because it did not properly restore original attribute names when handling `File`/`Password` rules, allowing attackers to bypass validation by using array keys that matched the validator's placeholder patterns. The placeholder strategy in `parseData` was insufficient because it did not account for multiple validator instances sharing static placeholders.
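
To check a project against the affected ranges in the table above, the following added example (not code from the advisory or from Laravel) reads `composer.lock` content and reports whether the locked `laravel/framework` release is affected. The function names and the sample lock content are constructed for illustration.

```python
import json
import re

# Affected ranges from the advisory table: (inclusive lower bound or None, first patched version).
AFFECTED = [
    ((12, 0, 0), (12, 1, 1)),
    ((11, 0, 0), (11, 44, 1)),
    (None, (10, 48, 29)),
]

# Constructed sample composer.lock content (not taken from a real project).
SAMPLE_LOCK = ('{"packages": [{"name": "laravel/framework", "version": "v11.44.0"},'
               ' {"name": "monolog/monolog", "version": "3.8.1"}], "packages-dev": []}')

def parse_version(raw):
    """Turn 'v11.44.0' or '10.48.28' into (11, 44, 0); None for dev or branch versions."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def first_patched_for(version):
    """Return the first patched version if `version` is in an affected range, else None."""
    for low, fixed in AFFECTED:
        if (low is None or version >= low) and version < fixed:
            return fixed
    return None

def audit_lock(lock_text):
    """Inspect composer.lock content; return a list of (installed, verdict) tuples."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() != "laravel/framework":
            continue
        installed = pkg.get("version", "")
        version = parse_version(installed)
        if version is None:
            # Branch aliases such as dev-master cannot be range-checked.
            findings.append((installed, "unknown: not a tagged release, review manually"))
            continue
        fixed = first_patched_for(version)
        verdict = ("vulnerable: upgrade to " + ".".join(map(str, fixed))
                   if fixed else "not in an affected range")
        findings.append((installed, verdict))
    return findings

if __name__ == "__main__":
    for installed, verdict in audit_lock(SAMPLE_LOCK):
        print(f"laravel/framework {installed}: {verdict}")
```
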