Merge pull request #744 from lxp/CVE-2024-13918/CVE-2024-13919

naderman · web-flow · commit 0f2c49a17f2d · 2025-03-10T22:57:09.000+01:00
Add CVE-2024-13918 and CVE 2024 13919: Laravel Reflected XSS via Request/Route Parameter in Debug-Mode Error Page
diff --git a/laravel/framework/CVE-2024-13918.yaml b/laravel/framework/CVE-2024-13918.yaml
@@ -0,0 +1,8 @@
+title:     Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
+link:      https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
+cve:       CVE-2024-13918
+branches:
+  "11.x":
+      time:     2024-12-13 15:51:00
+      versions: ['>=11.9.0', '<11.36.0']
+reference: composer://laravel/framework
diff --git a/laravel/framework/CVE-2024-13919.yaml b/laravel/framework/CVE-2024-13919.yaml
@@ -0,0 +1,8 @@
+title:     Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
+link:      https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
+cve:       CVE-2024-13919
+branches:
+  "11.x":
+      time:     2024-12-13 15:51:00
+      versions: ['>=11.9.0', '<11.36.0']
+reference: composer://laravel/framework
