POP Gadget using function injection in RequiredIf

Reported and fixed a vulnerability in Laravel where Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for deserialization vulnerabilities.
  • Posted on: 2021-06-12 14:36
  • Reading Time: 0 min
  • Share on:
    Y Combinator
    Reddit
    Mastodon

References