{"id":"CVE-2020-24940","details":"An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.","aliases":["BIT-laravel-2020-24940","GHSA-c7rm-w2hj-x8g3"],"modified":"2026-04-12T00:36:44.496535Z","published":"2020-09-04T02:15:10.723Z","references":[{"type":"ADVISORY","url":"https://blog.laravel.com/security-release-laravel-61834-7232"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/laravel/framework","events":[{"introduced":"0"},{"fixed":"7a74817c91be61676deafe3a84a758a71350d9f2"},{"introduced":"0b12ef19623c40e22eff91a4b48cb13b3b415b25"},{"fixed":"75792f4c6945749046d4ec1ce560b04640d36b99"}],"database_specific":{"cpe":"cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"6.18.34"},{"introduced":"7.0.0"},{"fixed":"7.23.2"}]}}],"versions":["v4.0.0","v4.0.0-BETA2","v4.0.0-BETA3","v4.0.0-BETA4","v4.1.0","v5.5.0","v5.5.1","v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.1.0","v6.10.0","v6.10.1","v6.11.0","v6.12.0","v6.13.0","v6.13.1","v6.14.0","v6.15.0","v6.15.1","v6.16.0","v6.17.0","v6.17.1","v6.18.0","v6.18.1","v6.18.10","v6.18.11","v6.18.12","v6.18.13","v6.18.15","v6.18.16","v6.18.17","v6.18.18","v6.18.19","v6.18.2","v6.18.20","v6.18.21","v6.18.22","v6.18.23","v6.18.24","v6.18.25","v6.18.26","v6.18.27","v6.18.28","v6.18.29","v6.18.3","v6.18.30","v6.18.31","v6.18.32","v6.18.33","v6.18.4","v6.18.5","v6.18.6","v6.18.7","v6.18.8","v6.18.9","v6.2.0","v6.3.0","v6.4.0","v6.4.1","v6.5.0","v6.5.1","v6.5.2","v6.6.0","v6.6.1","v6.6.2","v6.7.0","v6.8.0","v6.9.0","v7.0.0","v7.0.1","v7.0.2","v7.0.3","v7.0.4","v7.0.5","v7.0.6","v7.0.7","v7.0.8","v7.1.0","v7.1.1","v7.1.2","v7.1.3","v7.10.0","v7.10.1","v7.10.2","v7.10.3","v7.11.0","v7.12.0","v7.13.0","v7.14.1","v7.15.0","v7.16.0","v7.16.1","v7.17.0","v7.17.1","v7.17.2","v7.18.0","v7.19.0","v7.19.1","v7.2.0","v7.2.1","v7.2.2","v7.20.0","v7.21.0","v7.22.0","v7.22.1","v7.22.2","v7.22.3","v7.22.4","v7.23.0","v7.23.1","v7.3.0","v7.4.0","v7.5.0","v7.5.1","v7.5.2","v7.6.0","v7.6.1","v7.6.2","v7.7.0","v7.7.1","v7.8.0","v7.8.1","v7.9.0","v7.9.1","v7.9.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24940.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}