GHSA-h97c-qp24-439v

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

Insecure State Generation in laravel/socialite

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.

Ссылки

https://github.com/laravel/socialite/pull/91
https://github.com/laravel/socialite/commit/2ef13bae1484c44ede68e05486bce76cc0fa8dd8
https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-07-23.yaml

Пакеты

Наименование

laravel/socialite

composer

Затронутые версииВерсия исправления

>= 1.0.0, < 2.0.9

2.0.9

Дефекты

CWE-331

Дефекты

CWE-331