GHSA-6jvx-8ch9-j2jr

Source

https://github.com/advisories/GHSA-6jvx-8ch9-j2jr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-6jvx-8ch9-j2jr/GHSA-6jvx-8ch9-j2jr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6jvx-8ch9-j2jr

Published

2024-05-15T22:15:07Z

Modified

2024-11-29T05:41:04.000865Z

Summary

Laravel Cookie serialization vulnerability

Details

Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to laravel advisory for more details and read the notes carefully when upgrading your application.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T22:15:07Z"
}

References

Affected packages

Packagist / laravel/framework

Package

Name: laravel/framework
Purl: pkg:composer/laravel/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.6.30

Affected versions

v5.*

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.5.5

v5.5.6

v5.5.7

v5.5.8

v5.5.9

v5.5.10

v5.5.11

v5.5.12

v5.5.13

v5.5.14

v5.5.15

v5.5.16

v5.5.17

v5.5.18

v5.5.19

v5.5.20

v5.5.21

v5.5.22

v5.5.23

v5.5.24

v5.5.25

v5.5.26

v5.5.27

v5.5.28

v5.5.29

v5.5.30

v5.5.31

v5.5.32

v5.5.33

v5.5.34

v5.5.35

v5.5.36

v5.5.37

v5.5.38

v5.5.39

v5.5.40

v5.5.41

v5.5.42

v5.5.43

v5.5.44

v5.5.45

v5.5.46

v5.5.47

v5.5.48

v5.5.49

v5.5.50

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.6.9

v5.6.10

v5.6.11

v5.6.12

v5.6.13

v5.6.14

v5.6.15

v5.6.16

v5.6.17

v5.6.18

v5.6.19

v5.6.20

v5.6.21

v5.6.22

v5.6.23

v5.6.24

v5.6.25

v5.6.26

v5.6.27

v5.6.28

v5.6.29