Medium severity 5.9 · NVD Advisory · Published Sep 28, 2017 · Updated Jun 17, 2026
CVE-2017-14775
Description
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| laravel/framework (Packagist) | < 5.5.10 | 5.5.10 |
| illuminate/auth (Packagist) | < 5.5.10 | 5.5.10 |
Affected products
- ghsa-coords, 2 versions: < 5.5.10 (+ 1 more)
- (no CPE) range: < 5.5.10
- (no CPE) range: < 5.5.10
References
- github.com/advisories/GHSA-c2v7-j5gq-wcq4 (ghsa: Advisory)
- github.com/laravel/framework/pull/21320 (nvd: Issue Tracking, Mailing List, Third Party Advisory, Web)
- github.com/laravel/framework/releases/tag/v5.5.10 (nvd: Release Notes, Third Party Advisory, Web)
- laravel-news.com/laravel-v5-5-11 (nvd: Issue Tracking, Vendor Advisory, Web)
- nvd.nist.gov/vuln/detail/CVE-2017-14775 (ghsa: Advisory)
- github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/CVE-2017-14775.yaml (ghsa: Web)
- github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2017-14775.yaml (ghsa: Web)