In Bitnami Containers, all Laravel container versions prior to 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7, and 8.5.11-debian-10-r0 for Laravel 8 are affected: the file /tmp/app/.env is generated when the bitnami/laravel Docker image is built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.
Published 2021-03-03 17:15:12
Updated 2022-05-03 16:04:40
Source VMware

Products affected by CVE-2021-21979

  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.20.0-debian-10-r0 and before (<) 6.20.0-debian-10-r107
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.18.0-debian-10-r0 and up to, including, (<=) 6.18.0-debian-10-r21
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.0.0-debian-10-r0 and up to, including, (<=) 7.0.0-debian-10-r7
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.12.0-debian-10-r0 and up to, including, (<=) 7.12.0-debian-10-r72
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.2.0-debian-10-r0 and up to, including, (<=) 8.2.0-debian-10-r8
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.6.0-debian-10-r0 and up to, including, (<=) 7.6.0-debian-10-r38
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.5-debian-10-r0 and up to, including, (<=) 8.5.5-debian-10-r11
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.30.1-debian-10-r0 and before (<) 7.30.1-debian-10-r108
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.4.3-debian-10-r0 and up to, including, (<=) 8.4.3-debian-10-r6
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.9-debian-10-r0 and up to, including, (<=) 8.5.9-debian-10-r25
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.4.4-debian-10-r0 and up to, including, (<=) 8.4.4-debian-10-r6
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.28.0-debian-10-r0 and up to, including, (<=) 7.28.0-debian-10-r50
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.1.0-debian-10-r0 and up to, including, (<=) 8.1.0-debian-10-r7
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.0.1-debian-10-r0 and up to, including, (<=) 8.0.1-debian-10-r7
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.18.35-debian-10-r0 and up to, including, (<=) 6.18.35-debian-10-r66
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.25.0-debian-10-r0 and up to, including, (<=) 7.25.0-debian-10-r16
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 7.3.0-debian-10-r0 and up to, including, (<=) 7.3.0-debian-10-r20
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.4.0-debian-9-r0 and up to, including, (<=) 6.4.0-debian-9-r31
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.12.0-debian-9-r0 and up to, including, (<=) 6.12.0-debian-10-r33
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.4.1-debian-10-r0 and up to, including, (<=) 8.4.1-debian-10-r6
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.6-debian-10-r0 and up to, including, (<=) 8.5.6-debian-10-r13
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.0.3-debian-10-r0 and up to, including, (<=) 8.0.3-debian-10-r18
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.0.2-debian-9-r0 and up to, including, (<=) 6.0.2-debian-9-r22
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.7-debian-10-r0 and up to, including, (<=) 8.5.7-debian-10-r6
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.8.0-debian-9-r0 and up to, including, (<=) 6.8.0-debian-9-r26
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.4.2-debian-10-r0 and up to, including, (<=) 8.4.2-debian-10-r4
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.10-debian-10-r0 and up to, including, (<=) 8.5.10-debian-10-r6
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.5.2-debian-9-r0 and up to, including, (<=) 6.5.2-debian-9-r20
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.18.3-debian-10-r0 and up to, including, (<=) 6.18.3-debian-10-r22
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.5.8-debian-10-r0 and up to, including, (<=) 8.5.8-debian-10-r5
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 6.18.8-debian-10-r0 and up to, including, (<=) 6.18.8-debian-10-r110
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » For Laravel
    Versions from including (>=) 8.4.0-debian-10-r0 and up to, including, (<=) 8.4.0-debian-10-r10
    cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 7.30.0-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:7.30.0-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.3.0-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:8.3.0-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.5.2-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.5.2-debian-10-r1 For Laravel
    cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r1:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.5.3-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:8.5.3-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.5.4-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 8.5.4-debian-10-r1 For Laravel
    cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r1:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 7.29.0-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:7.29.0-debian-10-r0:*:*:*:*:laravel:*:*
  • Bitnami » Containers » Version: 6.19.0-debian-10-r0 For Laravel
    cpe:2.3:a:bitnami:containers:6.19.0-debian-10-r0:*:*:*:*:laravel:*:*

Exploit prediction scoring system (EPSS) score for CVE-2021-21979

EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
Percentile: ~46% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2021-21979

Base Score  Base Severity  CVSS Vector                                    Exploitability Score  Impact Score  Score Source  First Seen
7.5         HIGH           AV:N/AC:L/Au:N/C:P/I:P/A:P                     10.0                  6.4           NIST
7.3         HIGH           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L   3.9                   3.4           NIST

CWE ids for CVE-2021-21979

References for CVE-2021-21979
