Summary
A Proof of Concept (PoC) is available for CVE-2024-13919, an already fixed vulnerability in Laravel, a well-known open source framework for developing web applications. If exploited, this vulnerability could allow JavaScript code to be executed in a user’s browser within the origin of the affected web application.
Risk
Estimate of the impact of the vulnerability on the reference community: High (72.82)
Type
- Data Manipulation
- Information Leakage
Affected products and versions
Laravel, from version 11.9.0 to 11.35.1
Mitigation actions
If not already done, it is recommended to promptly update the vulnerable products to the latest available version, following the instructions in the security bulletin listed in the References section.
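A lock-file check for the affected range stated above, as an added example that is not part of the original advisory. It assumes the project is managed with Composer, that the framework is installed as the `laravel/framework` package, and that `composer.lock` records release versions such as `v11.20.0`; the sample lock files are constructed.

```python
import json
import re

# Affected range as stated in the advisory: 11.9.0 through 11.35.1 inclusive.
AFFECTED_MIN = (11, 9, 0)
AFFECTED_MAX = (11, 35, 1)
PACKAGE = "laravel/framework"  # assumption: Composer package name of the framework


def parse_version(raw):
    """Turn 'v11.20.0' or '11.20.0' into (11, 20, 0); None if not a plain release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Return (status, version) for the framework pinned in a composer.lock."""
    lock = json.loads(lock_text)
    # Composer lists runtime and dev dependencies in separate arrays.
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") != PACKAGE:
            continue
        raw = pkg.get("version", "")
        version = parse_version(raw)
        if version is None:
            # Branch aliases such as 'dev-master' cannot be range-checked.
            return "unknown", raw
        if AFFECTED_MIN <= version <= AFFECTED_MAX:
            return "affected", raw
        return "not-affected", raw
    return "not-installed", None


# Constructed sample lock files (not taken from any real project).
SAMPLE_AFFECTED = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v11.20.0"},
    {"name": "monolog/monolog", "version": "3.7.0"}]})
SAMPLE_OUTSIDE_RANGE = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v11.36.0"}]})

if __name__ == "__main__":
    for label, text in [("in range", SAMPLE_AFFECTED),
                        ("outside range", SAMPLE_OUTSIDE_RANGE)]:
        print(label, check_lock(text))
```

An `unknown` result means the lock file pins a non-release version and the installed code has to be checked by hand.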
References
1 This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.