GHSA-h97c-qp24-439v

Source

https://github.com/advisories/GHSA-h97c-qp24-439v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-h97c-qp24-439v/GHSA-h97c-qp24-439v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h97c-qp24-439v

Published

2024-05-15T22:27:23Z

Modified

2024-05-15T22:31:01.981592Z

Summary

Insecure State Generation in laravel/socialite

Details

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.

References

Affected packages

Packagist / laravel/socialite

Package

Name: laravel/socialite
Purl: pkg:composer/laravel/socialite

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

2.0.9

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8