Laravel <= v8.4.2 debug mode: Remote code execution #35880
Comments
Don't enable debug mode in production. Also: please don't post issues about security vulnerabilities (see our readme).
I am having the same problem in my homologation and staging environment.
Request:
After upgrading from Laravel 7 to Laravel 8.27.0, these errors started to appear in my staging environment, but they don't appear in my production environment. After analyzing the differences between environments, I thought it could be something related to And I found these links:
When executing the command The problem as described in the first link is referencing the "facade/ignition" package that deals with the new Laravel error page and that the problem can be seen at facade/ignition#334. In summary, I think the case is happening for applications that have been upgraded from Laravel less than 8 to 8.x, because they suffered this "invasion" before the update. Even knowing that debugging should not be enabled in the production environment, how to work with debugging in the staging environment? What do you recommend to me? My question is what to actually do to deal with this vulnerability since I am already in version 8.27.0 of Laravel. Thank you for your attention. I hope I have helped, and I am waiting for help to make the right decision.
Absolutely nobody from Laravel offers support on this one. It's just blank.
https://www.ambionics.io/blog/laravel-debug-rce