Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-rj3w-99gc-8j58: Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application is not vulnerable. However, if you are using guarded and are passing a user controlled array into an "update" or "save" type function, you should upgrade to 4.1.29 immediately as your application may be at risk of mass assignment.

ghsa
#vulnerability#git
GHSA-hvgw-gg3p-295j: Read private customer data reclaiming carts in Klaviyo Magento

A researcher identified an endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API.

GHSA-6wjw-qf87-fv5v: Laravel Encrypter Failure to decryption vulnerability

A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lead to unexpected behavior when combined with weak type comparisons, for example: ```php <?php $decyptedValue = decrypt($secret); if ($decryptedValue == '') { // Code is run even though decrypted value is false... } ```

GHSA-2867-6rrm-38gr: Laravel Cookie serialization vulnerability

Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to [laravel advisory](https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30) for more details and read the notes carefully when upgrading your application.

GHSA-297g-xg4h-7w4c: Laravel Cross-site Scripting vulnerability in blade templating

Laravel is prone to a Cross-site Scripting vulnerability in blade templating.

GHSA-cc2w-ghc5-m5qr: Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application is not vulnerable. However, if you are using guarded and are passing a user controlled array into an "update" or "save" type function, you should upgrade to 4.1.29 immediately as your application may be at risk of mass assignment.

GHSA-2ffv-r4r9-r8xr: Laravel RCE vulnerability in "cookie" session driver

Application's using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie" session driver in their production deployments. Regarding the vulnerability, applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the user. This combination of scenarios lets the user generate valid Laravel signed encryption strings for any plain-text string, thus allowing them to craft Laravel session payloads when an application is using the "cookie" driver. This fix prefixes cookie values with an HMAC hash of the cookie's name before encryption and then ver...

GHSA-q4xf-7fw5-4x8v: Laravel Hijacked authentication cookies vulnerability

Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This change requires the addition of a new remember_token column to your users (or equivalent) database table. After this change, a fresh token will be assigned to the user each time they login to your application. The token will also be refreshed when the user logs out of the application. The implications of this change are: if a "remember me" cookie is hijacked, simply logging out of the application will invalidate the cookie.

GHSA-2gq2-m628-33xp: gregwar/rst Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

GHSA-9gxv-x7rp-r2hc: gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).