Fix CVE-2021-43503 in Laravel (severity: HIGH)

Fix CVE-2021-43503 (mass assignment bypass) in Laravel for PHP. Paste your composer.json into PackageFix and get a patched version back — no CLI, no signup.

⚠ Vulnerability

CVE-2021-43503 — mass assignment bypass in Laravel. Update to ^10.0 or later.

Vulnerable Version — composer.json

"laravel/framework": "^8.0"

Fixed Version — composer.json

"laravel/framework": "^10.0"

✓ Fix

Update to ^10.0 and run composer install to apply the fix.
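When a composer.lock file is present, composer install installs the versions pinned there, so it is worth confirming what the lock file resolved to after changing the constraint. The following Python check is an added example, not code from this page or from PackageFix; the function names and the sample lock data are constructed for illustration.

```python
import json
import re
import sys

MIN_MAJOR = 10  # the page's fixed constraint is ^10.0

# Constructed sample lock files (trimmed to the fields this check reads).
SAMPLE_OLD = '{"packages": [{"name": "laravel/framework", "version": "v8.83.0"}]}'
SAMPLE_NEW = '{"packages": [{"name": "laravel/framework", "version": "v10.0.0"}]}'
SAMPLE_NONE = '{"packages": [{"name": "monolog/monolog", "version": "3.0.0"}]}'

def locked_version(lock_text, package="laravel/framework"):
    """Return the version composer.lock pins for `package`, or None."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section, []):
            if entry.get("name") == package:
                return entry.get("version")
    return None

def is_patched(version, min_major=MIN_MAJOR):
    """True if a version such as 'v10.0.0' has major >= min_major.
    Names without a leading number (e.g. 'dev-master') return False."""
    if not version:
        return False
    match = re.match(r"v?(\d+)\.", version)
    return bool(match) and int(match.group(1)) >= min_major

def check_lock(lock_text):
    """Return (status, version): 'ok', 'needs-update' or 'not-installed'."""
    version = locked_version(lock_text)
    if version is None:
        return "not-installed", None
    return ("ok" if is_patched(version) else "needs-update"), version

if __name__ == "__main__":
    # Usage: python check_lock.py path/to/composer.lock
    path = sys.argv[1] if len(sys.argv) > 1 else "composer.lock"
    with open(path, encoding="utf-8") as handle:
        status, version = check_lock(handle.read())
    print(f"laravel/framework: {version} -> {status}")
    sys.exit(0 if status == "ok" else 1)
```

The non-zero exit status on anything other than "ok" lets the check gate a CI job.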

Frequently Asked Questions

What is CVE-2021-43503?
CVE-2021-43503 is a vulnerability in Laravel that allows mass assignment bypass. Update to version ^10.0 or later to fix it.

Is CVE-2021-43503 on the CISA KEV catalog?
Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.

How do I fix CVE-2021-43503 in Laravel?
Update Laravel to version ^10.0 or later in your composer.json. Run composer install after updating.

Does CVE-2021-43503 affect all versions of Laravel?
Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.