⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-9081: Deserialization of Untrusted Data in Framework

Severity: 9.8 CRITICAL (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Latest update: May 14

Description

Laravel Framework 5.7.x Illuminate Deserialization Vulnerability

The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.

Affected: Laravel Laravel Framework

Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailabl

Affected Packages (1 package)

Packagist: laravel/framework 5.7.0 6.20.44

🔴 Vulnerability Details (3)

GHSA: Laravel Framework Deserialization Vulnerability (2022-05-14)
OSV: Laravel Framework Deserialization Vulnerability (2022-05-14)
VulnCheck: Laravel Framework 5.7.x Illuminate Deserialization Vulnerability (2019)

🕵️ Threat Intelligence (2)

Unit42: Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices (2020-06-24)
Unit42: Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices (2020-06-24)
CVE-2019-9081 — Deserialization of Untrusted Data | cvebase