IDCVSSSummaryLast (major) updatePublished
CVE-2017-14775 4.3
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
10-10-2017 - 12:25 28-09-2017 - 01:29
CVE-2017-16894 5.0
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function
09-03-2018 - 02:29 20-11-2017 - 01:29
CVE-2018-15133 6.8
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php
15-07-2019 - 17:15 09-08-2018 - 19:29
CVE-2017-9303 5.8
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
08-06-2017 - 16:57 29-05-2017 - 22:29
Back to Top Mark selected
Back to Top