Cryptographic Issues Affecting laravel/framework package, versions <6.18.29 >7.0.0, <7.22.2
Snyk CVSS
Attack Complexity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-LARAVELFRAMEWORK-597247
- published 4 Aug 2020
- disclosed 28 Jul 2020
- credit Unknown
How to fix?
Upgrade laravel/framework
to version 6.18.29, 7.22.2 or higher.
Overview
laravel/framework is a PHP framework for web artisans.
Affected versions of this package are vulnerable to Cryptographic Issues. Laraval applications using the "cookie" session driver that were also exposing an encryption oracle via their application are vulnerable.