GHSA-vr95-p7q6-8m9q

Source

https://github.com/advisories/GHSA-vr95-p7q6-8m9q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vr95-p7q6-8m9q/GHSA-vr95-p7q6-8m9q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vr95-p7q6-8m9q

Published

2024-05-15T22:16:06Z

Modified

2024-11-29T05:42:16.505064Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Laravel Cross-site Scripting (XSS) vulnerability in blade templating

Details

Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T22:16:06Z"
}

References

Affected packages

Packagist / laravel/framework

Package

Name: laravel/framework
Purl: pkg:composer/laravel/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.1.2

Affected versions

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.1.0

v7.1.1