eval.blog

POP Gadget using function injection in RequiredIf

Reported and fixed a vulnerability in Laravel where Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for deserialization vulnerabilities.

References: