GHSA-qwvp-268g-jjm8

Source
https://github.com/advisories/GHSA-qwvp-268g-jjm8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-qwvp-268g-jjm8/GHSA-qwvp-268g-jjm8.json
Published
2024-05-15T22:28:49Z
Modified
2024-05-15T22:49:55.478561Z
Summary
Data Leakage Vulnerability in livewire/livewire
Details

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this->validate() method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk, allowing unvalidated data to be exposed, which could lead to unexpected behavior and potential security issues.

References

Affected packages

Packagist / livewire/livewire

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.5
Fixed
2.2.6

Affected versions

v2.*

v2.2.5