Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
References
Link | Resource |
---|---|
https://github.com/laravel/framework/pull/21320 | Issue Tracking Mailing List Third Party Advisory |
https://github.com/laravel/framework/releases/tag/v5.5.10 | Release Notes Third Party Advisory |
https://laravel-news.com/laravel-v5-5-11 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:40
Updated: 2022-10-03T16:23:40
Reserved: 2022-10-03T00:00:00
Link: CVE-2017-14775
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-09-28T01:29:01.857
Modified: 2017-10-10T12:25:01.227
Link: CVE-2017-14775
JSON object: View
Redhat Information
No data.
CWE