CVE-2017-14775

CVE-2017-14775

EPSS 1.2%

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/laravel/framework/pull/21320 https://github.com/laravel/framework/releases/tag/v5.5.10 https://laravel-news.com/laravel-v5-5-11