CVE-2022-31279 Information

Description

Laravel 9.1.8 when processing attacker-controlled data for deserialization allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.

Reference

https://github.com/1nhann/vulns/issues/3