[pkg-php-pear] Bug#980899: Bug#980899: php-illuminate-database: CVE-2021-21263 Query Binding Exploitation

David Prévot taffit at debian.org
Tue Feb 2 15:20:06 GMT 2021


Le 23/01/2021 à 18:49, David Prévot a écrit :
> Package: php-illuminate-database
> Version: 5.7.27-1
[…]
> A quick look at the php-illuminate-database code, as shipped in stable,
> makes me think that it is probably vulnerable to CVE-2021-21263 as fixed
> in 6.20.11

Also, since the CVE-2021-21263 fix was incomplete, upstream released 
another security update as 6.20.14.

https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg

Regards

David



More information about the pkg-php-pear mailing list