Approved changes feed: RSS · Atom

cpe:2.3:a:laravel:laravel:8.5.9:*:*:*:*:*:*:*

part: a version: 8.5.9 update: *

VendorLaravel (753b10ea-9525-5ae4-bc49-6f2cc8b8ce8c)
ProductLaravel (7de0041f-6592-5f65-a956-23a2e8331404)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:composer/laravel/laravel purl2cpe 2026-06-01 10:12:10.178852
pkg:github/laravel/laravel purl2cpe 2026-06-01 10:12:10.178853

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-28254 vulnerable 2026-06-08 05:31:23.756445 Details available
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
Published: 2023-04-18T00:00:00.000Z
Updated: 2025-03-05T18:53:58.816Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.