Lucene search

CVE-2017-9303

🗓️ 29 May 2017 22:00:29Reported by mitreType

Laravel 5.4.x before 5.4.22 allows phishing attacks via uncontrolled host in password-reset URL

Reporter	Title	Published	Views	Family All 10
OSV	Laravel does not properly constrain the host portion of a password-reset URL	17 May 202202:42	–	osv
OSV	CVE-2017-9303	29 May 201722:29	–	osv
Friends Of PHP	Password reset phishing vulnerability	1 Jan 197000:00	–	friendsofphp
Friends Of PHP	Password reset phishing vulnerability	1 Jan 197000:00	–	friendsofphp
Prion	Default credentials	29 May 201722:29	–	prion
Debian CVE	CVE-2017-9303	29 May 201722:29	–	debiancve
Veracode	Phishing Attacks	30 May 201701:59	–	veracode
Cvelist	CVE-2017-9303	29 May 201722:00	–	cvelist
NVD	CVE-2017-9303	29 May 201722:29	–	nvd
Github Security Blog	Laravel does not properly constrain the host portion of a password-reset URL	17 May 202202:42	–	github

Nvd

Node

laravel laravelMatch5.4.0

Source	Link
laravel-news	www.laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix
securityfocus	www.securityfocus.com/bid/98776

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 May 2017 22:29Current

6.1Medium risk

Vulners AI Score6.1

CVSS25.8

CVSS36.1

EPSS0.00081

CWE-20