From c52858ed10abf7ad32196f15a5310f2b7b7cb0ef Mon Sep 17 00:00:00 2001
From: David Lisa Gnedt
Date: Mon, 10 Mar 2025 12:05:07 +0100
Subject: [PATCH 1/2] Add CVE-2024-13918: Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
---
 laravel/framework/CVE-2024-13918.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 laravel/framework/CVE-2024-13918.yaml
diff --git a/laravel/framework/CVE-2024-13918.yaml b/laravel/framework/CVE-2024-13918.yaml
new file mode 100644
index 000000000..fbafc2ba2
--- /dev/null
+++ b/laravel/framework/CVE-2024-13918.yaml
@@ -0,0 +1,8 @@
+title: Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
+link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
+cve: CVE-2024-13918
+branches:
+ "11.x":
+ time: 2024-12-13 15:51:00
+ versions: ['>=11.9.0', '<11.36.0']
+reference: composer://laravel/framework
From 0439ab770dcbb2ae74329189aaa3ab15fb96f0ad Mon Sep 17 00:00:00 2001
From: David Lisa Gnedt
Date: Mon, 10 Mar 2025 12:05:35 +0100
Subject: [PATCH 2/2] Add CVE-2024-13919: Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
---
 laravel/framework/CVE-2024-13919.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 laravel/framework/CVE-2024-13919.yaml
diff --git a/laravel/framework/CVE-2024-13919.yaml b/laravel/framework/CVE-2024-13919.yaml
new file mode 100644
index 000000000..e294fd684
--- /dev/null
+++ b/laravel/framework/CVE-2024-13919.yaml
@@ -0,0 +1,8 @@
+title: Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
+link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
+cve: CVE-2024-13919
+branches:
+ "11.x":
+ time: 2024-12-13 15:51:00
+ versions: ['>=11.9.0', '<11.36.0']
+reference: composer://laravel/framework
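Review bot: The `link` value in laravel/framework/CVE-2024-13918.yaml points at a path under `tree/public/`, which is a branch ref and can move or be rewritten, so the advisory that downstream audit tools show to users may rot or change after this entry is merged; the `link` in laravel/framework/CVE-2024-13919.yaml in the second patch has the same form. A commit-pinned URL would be more durable, i.e. replacing `tree/public/` with `tree/<commit-sha>/`, where `<commit-sha>` is a placeholder for the relevant commit in the advisory repository. Both entries also carry the identical `time: 2024-12-13 15:51:00` with no zone; if this field is meant to be the UTC time of the fix, it is worth confirming the value against the release that introduced `11.36.0`, since the patches themselves were authored at +0100. Because the title limits the issue to the debug-mode error page while `versions` will match every install in the range, a one-line YAML comment such as `# only exploitable when debug mode is enabled` above `branches:` would help people triaging the alert.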