POP Gadget using function injection in RequiredIf
June 12, 2021 ◦ 1 min ◦
Reported and fixed a vulnerability in Laravel where Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for deserialization vulnerabilities.
References: