vulnerability

Debian: CVE-2024-52301: php-laravel-framework -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:C/A:N)	Nov 12, 2024	Dec 23, 2024	Aug 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

Nov 12, 2024

Added

Dec 23, 2024

Modified

Aug 27, 2025

Description

Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.

Solutions

debian-upgrade-php-laravel-frameworkno-fix-debian-deb-package

References

CVE-2024-52301
https://attackerkb.com/topics/CVE-2024-52301
CWE-88
DEBIAN-DLA-3997-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today