The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
Release Notes
laravel/framework (laravel/framework)
### [`v6.20.44`](https://togithub.com/laravel/framework/releases/tag/v6.20.44)
[Compare Source](https://togithub.com/laravel/framework/compare/v6.20.43...v6.20.44)
##### Fixed
- Fixed digits_between with fractions ([#40278](https://togithub.com/laravel/framework/pull/40278))
### [`v6.20.43`](https://togithub.com/laravel/framework/releases/tag/v6.20.43)
[Compare Source](https://togithub.com/laravel/framework/compare/v6.20.42...v6.20.43)
##### Fixed
- Fixed inconsistent escaping of artisan argument ([#39953](https://togithub.com/laravel/framework/pull/39953))
##### Changed
- Do not return anything `Illuminate/Foundation/Application::afterLoadingEnvironment()`
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
6.20.42->6.20.44GitHub Vulnerability Alerts
CVE-2019-9081
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the
__destructmethod of the PendingCommand class inPendingCommand.php.Release Notes
laravel/framework (laravel/framework)
### [`v6.20.44`](https://togithub.com/laravel/framework/releases/tag/v6.20.44) [Compare Source](https://togithub.com/laravel/framework/compare/v6.20.43...v6.20.44) ##### Fixed - Fixed digits_between with fractions ([#40278](https://togithub.com/laravel/framework/pull/40278)) ### [`v6.20.43`](https://togithub.com/laravel/framework/releases/tag/v6.20.43) [Compare Source](https://togithub.com/laravel/framework/compare/v6.20.42...v6.20.43) ##### Fixed - Fixed inconsistent escaping of artisan argument ([#39953](https://togithub.com/laravel/framework/pull/39953)) ##### Changed - Do not return anything `Illuminate/Foundation/Application::afterLoadingEnvironment()`Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.