VYPR

Packagist (Composer) package

illuminate/auth

pkg:composer/illuminate/auth

Vulnerabilities (2)

  • CVE-2017-14775MedSep 28, 2017
    affected < 5.5.10fixed 5.5.10

    Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.

  • CVE-2017-9303MedMay 29, 2017
    affected >= 5.3.0, <= 5.3.31

    Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.