From d87d008873c3218416df27e8461370f2035d8c93 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 16 Nov 2021 10:39:27 +0100
Subject: new laravel issue

---
 data/CVE/2021.list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index d187883d57..ba10c3f458 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -315,7 +315,8 @@ CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 ha
 	NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
 	NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
 CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
-	TODO: check
+	- php-laravel-framework <unfixed>
+	NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
 CVE-2021-3957
 	RESERVED
 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
-- 
cgit v1.2.3