j-baines
commented
1 month ago Closing this. I'm not sure it's that much of an improvement. The version range is sketchy all around.
Closed j-baines closed 1 month ago
j-baines
commented
1 month ago Closing this. I'm not sure it's that much of an improvement. The version range is sketchy all around.
The disclosure and description for CVE-2024-29291 both say Laravel 8. through 11.. These are highly questionable version ranges if you ask me, and it appears the vendor has no stance on the issue (and the CVE might even be bound for disputed status), but CISA ADP simply says version 8 is affected. It's slightly less wrong to say 8 through 11 is affected (although still imperfect).