I've joined the CVE hype-train! 🤣
Ok, in all seriousness, this is an issue if you have register_argc_argv=On. It's trivial to exploit and can unlock dev/debug helpers. 😱
GO UPDATE!
https://securinglaravel.com/laravel-security-notice-laravel-environment-manipulation-via-query-string/
Stephen Rees-Carter :laravel: /
npub1wf…aj03a
2024-11-19 00:24:59
Author Public Key
npub1wfdxsym3kgczjyf7xeueruzm4v34z90vsa8a3m2jaxugrqa9j29shaj03aSeen on
wss://relay.nostr.band