CVE-2017-14775

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
References
Link Resource
https://github.com/laravel/framework/pull/21320 Issue Tracking Mailing List Third Party Advisory
https://github.com/laravel/framework/releases/tag/v5.5.10 Release Notes Third Party Advisory
https://laravel-news.com/laravel-v5-5-11 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-28 01:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14775

Mitre link : CVE-2017-14775

CVE.ORG link : CVE-2017-14775


JSON object : View

Products Affected

laravel

  • laravel
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor