Update your Laravel!
#1
I open this thread to let you know that you must always update your software!

Recently a new CVE has been filed that explains how to exploit an "Ignition" bug that allows the arbitrary execution of code. It is really dangerous.
One of my friend's VPS has been infected by a cryptominer; the article I am going to post here talks about Docker APIs, but the same "malicious command" has been used in exploiting Laravel. He requested my help to eradicate that malware... well, it was a nightmare: killing the process was useless because a new one would start soon after. What you need to do is find a cron job that lets the malware in.

Another CVE regards database queries... but it is less dangerous than a miner inside your server! As the CVE article says, most attempts of this exploit will result in "no result" from the query...


Stay safe, stay updated!
Thanks to Post4VPS and Bladenode for VPS 14
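
Added example, not part of the original post: the cron hunt described in post #1 as a small triage script that walks the standard cron locations and prints entries that look like a re-launcher. The match patterns are heuristics assumed for this example, not the actual command from the incident, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag cron entries that look like malware persistence.
# SUSPICIOUS holds assumed heuristics, not signatures taken from the thread:
#   - a download piped straight into a shell
#   - base64 decoding piped into a shell
#   - anything run from a world-writable directory
SUSPICIOUS='(curl|wget)[^|]*\|[[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)[^|]*\|[[:space:]]*(ba)?sh|/(dev/shm|tmp|var/tmp)/'

# Print "file:line_no:entry" for every non-comment line matching SUSPICIOUS.
scan_cron_file() {
    [ -f "$1" ] || return 0          # skip directories and unmatched globs
    grep -nE "$SUSPICIOUS" "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | sed "s|^|$1:|" || true
}

# Walk the standard cron locations below ROOT.
# ROOT defaults to the live system; pass a mount point to scan an offline image.
scan_cron_root() {
    root="${1:-}"
    for path in "$root/etc/crontab" \
                "$root"/etc/cron.d/* \
                "$root"/etc/cron.hourly/* \
                "$root"/etc/cron.daily/* \
                "$root"/var/spool/cron/* \
                "$root"/var/spool/cron/crontabs/*; do
        scan_cron_file "$path"
    done
}

# Run as root so per-user crontabs are readable:  sh cronscan.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    scan_cron_root "${2:-}"
fi
```

A hit is a lead to inspect by hand, not a verdict; systemd timers, `at` jobs and shell profile files are outside what this script checks.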
#2
Yup, update to the latest bug fixes. Don't use $request->all() or request()->all() to create, and hope for the best.
This bug is hopefully fixed
https://blog.laravel.com/security-larave...1-released
#3
That's from January and it's April now hahaha. If you're using dependabot in GitHub like me, you will get notified soon after a package gets updated. I'm pretty sure my Laravel is the newest but lemme check. Yep, it's the newest one.
Thanks to Limitless Hosting and Post4VPS for providing me excellent VPS 13!

