{"api_version":"1","generated_at":"2026-06-22T04:16:46+00:00","cve":"CVE-2021-21979","urls":{"html":"https://cve.report/CVE-2021-21979","api":"https://cve.report/api/cve/CVE-2021-21979.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21979","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21979"},"summary":{"title":"CVE-2021-21979","description":"In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2021-03-03 17:15:00","updated_at":"2022-05-03 16:04:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://github.com/bitnami/bitnami-docker-laravel/issues/139","name":"https://github.com/bitnami/bitnami-docker-laravel/issues/139","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Laravel APP_KEY  is fixed in docker image bitnami/laravel · Issue #139 · bitnami/bitnami-docker-laravel · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21979","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21979","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"6.19.0-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"7.29.0-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"7.30.0-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.3.0-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.5.2-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.5.2-debian-10-r1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.5.3-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.5.4-debian-10-r0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"8.5.4-debian-10-r1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.0.2-debian-9-r22","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.12.0-debian-10-r33","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.18.0-debian-10-r21","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.18.3-debian-10-r22","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.18.35-debian-10-r66","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.18.8-debian-10-r110","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.4.0-debian-9-r31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.5.2-debian-9-r20","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"6.8.0-debian-9-r26","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.0.0-debian-10-r7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.12.0-debian-10-r72","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.25.0-debian-10-r16","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.28.0-debian-10-r50","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.3.0-debian-10-r20","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"7.6.0-debian-10-r38","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.0.1-debian-10-r7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.0.3-debian-10-r18","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.1.0-debian-10-r7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.2.0-debian-10-r8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.4.0-debian-10-r10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.4.1-debian-10-r6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.4.2-debian-10-r4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.4.3-debian-10-r6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.4.4-debian-10-r6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.10-debian-10-r6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.5-debian-10-r11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.6-debian-10-r13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.7-debian-10-r6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.8-debian-10-r5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21979","vulnerable":"1","versionEndIncluding":"8.5.9-debian-10-r25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitnami","cpe5":"containers","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"laravel","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-21979","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Bitnami Containers","version":{"version_data":[{"version_value":"All Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6,  7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"APP_KEY fixed in the container image"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/bitnami/bitnami-docker-laravel/issues/139","url":"https://github.com/bitnami/bitnami-docker-laravel/issues/139"}]},"description":{"description_data":[{"lang":"eng","value":"In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application."}]}},"nvd":{"publishedDate":"2021-03-03 17:15:00","lastModifiedDate":"2022-05-03 16:04:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r1:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r1:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.4.0-debian-9-r0","versionEndIncluding":"6.4.0-debian-9-r31","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.5.2-debian-9-r0","versionEndIncluding":"6.5.2-debian-9-r20","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.8.0-debian-9-r0","versionEndIncluding":"6.8.0-debian-9-r26","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.12.0-debian-9-r0","versionEndIncluding":"6.12.0-debian-10-r33","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.18.0-debian-10-r0","versionEndIncluding":"6.18.0-debian-10-r21","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.18.3-debian-10-r0","versionEndIncluding":"6.18.3-debian-10-r22","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.18.8-debian-10-r0","versionEndIncluding":"6.18.8-debian-10-r110","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.18.35-debian-10-r0","versionEndIncluding":"6.18.35-debian-10-r66","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:6.19.0-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.20.0-debian-10-r0","versionEndExcluding":"6.20.0-debian-10-r107","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.0.0-debian-10-r0","versionEndIncluding":"7.0.0-debian-10-r7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.3.0-debian-10-r0","versionEndIncluding":"7.3.0-debian-10-r20","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.6.0-debian-10-r0","versionEndIncluding":"7.6.0-debian-10-r38","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.12.0-debian-10-r0","versionEndIncluding":"7.12.0-debian-10-r72","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.25.0-debian-10-r0","versionEndIncluding":"7.25.0-debian-10-r16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.28.0-debian-10-r0","versionEndIncluding":"7.28.0-debian-10-r50","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:7.29.0-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:7.30.0-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"7.30.1-debian-10-r0","versionEndExcluding":"7.30.1-debian-10-r108","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.0.1-debian-10-r0","versionEndIncluding":"8.0.1-debian-10-r7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.0.3-debian-10-r0","versionEndIncluding":"8.0.3-debian-10-r18","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.1.0-debian-10-r0","versionEndIncluding":"8.1.0-debian-10-r7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.2.0-debian-10-r0","versionEndIncluding":"8.2.0-debian-10-r8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.3.0-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.4.0-debian-10-r0","versionEndIncluding":"8.4.0-debian-10-r10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.4.1-debian-10-r0","versionEndIncluding":"8.4.1-debian-10-r6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.4.2-debian-10-r0","versionEndIncluding":"8.4.2-debian-10-r4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.4.3-debian-10-r0","versionEndIncluding":"8.4.3-debian-10-r6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.4.4-debian-10-r0","versionEndIncluding":"8.4.4-debian-10-r6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.5.2-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.5.3-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:8.5.4-debian-10-r0:*:*:*:*:laravel:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.5-debian-10-r0","versionEndIncluding":"8.5.5-debian-10-r11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.6-debian-10-r0","versionEndIncluding":"8.5.6-debian-10-r13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.7-debian-10-r0","versionEndIncluding":"8.5.7-debian-10-r6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.8-debian-10-r0","versionEndIncluding":"8.5.8-debian-10-r5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.9-debian-10-r0","versionEndIncluding":"8.5.9-debian-10-r25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"8.5.10-debian-10-r0","versionEndIncluding":"8.5.10-debian-10-r6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitnami:containers:*:*:*:*:*:laravel:*:*","versionStartIncluding":"6.0.2-debian-9-r0","versionEndIncluding":"6.0.2-debian-9-r22","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21979","Ordinal":"196674","Title":"CVE-2021-21979","CVE":"CVE-2021-21979","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21979","Ordinal":"1","NoteData":"In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21979","Ordinal":"2","NoteData":"2021-03-03","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21979","Ordinal":"3","NoteData":"2021-03-03","Type":"Other","Title":"Modified"}]}}}