Описание
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.
Пакеты
Наименование
laravel/framework
composer
Затронутые версииВерсия исправления
>= 7.0.0, < 7.1.2
7.1.2
4.3 Medium
CVSS3
Дефекты
CWE-79
4.3 Medium
CVSS3
Дефекты
CWE-79