CVE-2022-2870
laravel deserialization
9.8
CRITICAL
CVSS 3.1
EPSS 0.38%
Description
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
How to fix CVE-2022-2870
To remediate CVE-2022-2870, upgrade the affected package to a fixed version below.
- Upgrade to 5.1.47 or later
Is CVE-2022-2870 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 5.1.0, < 5.1.47
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |