Описание
Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this->validate() method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk, allowing unvalidated data to be exposed, which could lead to unexpected behavior and potential security issues.
Пакеты
Наименование
livewire/livewire
composer
Затронутые версииВерсия исправления
>= 2.2.5, < 2.2.6
2.2.6
Дефекты
CWE-200
Дефекты
CWE-200