cvedb.io
CVE-2024-55661
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-12-13T16:15:27.767 · Last modified 2026-06-17T08:11:21.860

Summary

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method in which the callable is a function or static method and the callable has no parameters or no strict parameter types. The vulnerable to component is `remember(callable $query, string $key = '')` method in `Laravel\Pulse\

Affected products

laravel — pulse

Does this affect you?

Add your gear to cvedb and we'll alert you only when laravel ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.