Описание
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php-laravel-framework | not-affected | package |
EPSS
Процентиль: 43%
0.00203
Низкий
Связанные уязвимости
CVSS3: 6.1
nvd
около 8 лет назад
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
CVSS3: 6.1
github
около 3 лет назад
Laravel does not properly constrain the host portion of a password-reset URL
EPSS
Процентиль: 43%
0.00203
Низкий