About CVE-2020-15094 #35102

kanade0404 · 2020-11-05T03:48:46Z

kanade0404
Nov 5, 2020

There is an RCE vulnerability in symfony/http-kernel, do you update the version in laravel?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15094
For example, in 6.x, the http-kernel version is ^4.3.4, which seems to be the version affected.

Answered by mbabker

Nov 5, 2020

4.3.4 is the minimum supported Symfony version, the constraint basically means any 4.x version higher than 4.3.4 can be used.

Laravel 6 will run just fine on the latest Symfony 4.4 release.

View full answer

mbabker · 2020-11-05T15:45:03Z

mbabker
Nov 5, 2020

4.3.4 is the minimum supported Symfony version, the constraint basically means any 4.x version higher than 4.3.4 can be used.

Laravel 6 will run just fine on the latest Symfony 4.4 release.

1 reply

kanade0404 Nov 6, 2020
Author

Thanks for telling me, @mbabker 🙏

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

About CVE-2020-15094 #35102

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

About CVE-2020-15094 #35102

Uh oh!

kanade0404 Nov 5, 2020

Replies: 1 comment · 1 reply

Uh oh!

mbabker Nov 5, 2020

Uh oh!

kanade0404 Nov 6, 2020 Author

kanade0404
Nov 5, 2020

Replies: 1 comment 1 reply

mbabker
Nov 5, 2020

kanade0404 Nov 6, 2020
Author