What is CVE-2021-43617?

CVE-2021-43617 is a vulnerability in N/a. Published 2021-11-14.

Is CVE-2021-43617 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on…

EPSS: 0.501 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Sybelle03/CVE-2021-43617
aweiiy/CVE-2021-43617
kombat1/CVE-2021-43617
NaInSec/CVE-PoC-in-GitHub
PuddinCat/GithubRepoSpider
SYRTI/POC_
WhooAmii/POC_
dangducloc/CVE_
nomi-sec/PoC-in-GitHub
plzheheplztrying/cve_

References

github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/… (x_refsource_MISC)
salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8 (x_refsource_MISC)
salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/d… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43617?: CVE-2021-43617 is a vulnerability in N/a. Published 2021-11-14.
Is CVE-2021-43617 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.