The disclosure and description for CVE-2024-29291 both say Laravel 8. through 11.. These are highly questionable version ranges if you ask me, and it appears the vendor has no stance on the issue (and the CVE might even be bound for disputed status), but CISA ADP simply says version 8 is affected. It's slightly less wrong to say 8 through 11 is affected (although still imperfect).
The disclosure and description for CVE-2024-29291 both say Laravel 8. through 11.. These are highly questionable version ranges if you ask me, and it appears the vendor has no stance on the issue (and the CVE might even be bound for disputed status), but CISA ADP simply says version 8 is affected. It's slightly less wrong to say 8 through 11 is affected (although still imperfect).