CVE-2024-55661 – Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

https://notcve.org/view.php?id=CVE-2024-55661

13 Dec 2024 — Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. An authenticated user with access to Laravel Pulse dashboard ... • https://github.com/laravel/pulse/commit/d1a5bf2eca36c6e3bedb4ceecd45df7d002a1ebc • CWE-94: Improper Control of Generation of Code ('Code Injection') •