前言
Laravel发布安全更新,其中指出使用cookie session driver的应用受到漏洞影响,该漏洞会导致rce。
https://blog.laravel.com/laravel-cookie-security-releases
影响版本:
Regarding the vulnerability, applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the use