exploitDog

GHSA-63qj-p8gh-5xxx

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

Ссылки

Пакеты

Наименование

rap2hpoutre/laravel-log-viewer

composer

Затронутые версииВерсия исправления

< 0.13.0

0.13.0

EPSS

Процентиль: 95%

0.16169

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-312

Связанные уязвимости

CVE-2018-8947

CVSS3: 7.5

nvd

почти 8 лет назад

rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.

EPSS

Процентиль: 95%

0.16169

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-312