ГлавнаяУязвимости → CVE-2021-47756
8.4высокая

CVE-2021-47756

Описание

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://laravel.com/docs/8.x/valethttps://www.exploit-db.com/exploits/50591https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos