CNNVD-202601-3336 Information
CNNVD ID
CNNVD-202601-3336
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
Laravel Reverb是The Laravel Framework开源的一个库。为Laravel应用程序带来了实时WebSocket通信。 Laravel Reverb 1.6.3及之前版本存在代码问题漏洞,该漏洞源于数据未经限制直接传递给反序列化函数,可能导致远程代码执行。
Description (English)
Laravel Reverb is a library of the Laravel Framework open source. Real-time WebSocket communication for the Laravel application. Laravel Reverb 1.6.3 and previous versions had a code problem loophole, which stemmed from the fact that data were transmitted to an inverse sequence function without restriction and could lead to remote code execution.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
The Laravel Framework
Published
2026-01-21
Last Modified
2026-02-24
References
https://cwe.mitre.org/data/definitions/502.html https://laravel.com/docs/12.x/reverb#scaling https://github.com/laravel/reverb/releases/tag/v1.7.0 https://github.com/laravel/reverb/commit/9ec26f8ffbb701f84920dd0bb9781a1797591f1a https://github.com/laravel/reverb/security/advisories/GHSA-m27r-m6rx-mhm4 https://access.redhat.com/security/cve/cve-2026-23524
Patch
https://github.com/laravel/reverb/releases
Share on: