GHSA-2867-6rrm-38gr

Suggest an improvement
Source
https://github.com/advisories/GHSA-2867-6rrm-38gr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2867-6rrm-38gr/GHSA-2867-6rrm-38gr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2867-6rrm-38gr
Published
2024-05-15T21:56:10Z
Modified
2024-11-29T05:43:37.505737Z
Summary
Laravel Cookie serialization vulnerability
Details

Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to laravel advisory for more details and read the notes carefully when upgrading your application.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:56:10Z"
}
References

Affected packages

Packagist / illuminate/cookie

Package

Name
illuminate/cookie
Purl
pkg:composer/illuminate/cookie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.6.30

Affected versions

v5.*

v5.5.0
v5.5.2
v5.5.16
v5.5.17
v5.5.28
v5.5.33
v5.5.34
v5.5.35
v5.5.36
v5.5.37
v5.5.39
v5.5.40
v5.5.41
v5.5.43
v5.5.44
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.19
v5.6.20
v5.6.21
v5.6.22
v5.6.23
v5.6.24
v5.6.25
v5.6.26
v5.6.27
v5.6.28
v5.6.29