The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false
. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the applicationβs code, such as the example below:
<?php
$decyptedValue = decrypt($secret);
if ($decryptedValue == '') {
// Code is run even though decrypted value is false...
}
CPE | Name | Operator | Version |
---|---|---|---|
laravel/framework | lt | 5.6.15 | |
laravel/framework | lt | 5.5.40 |
github.com/advisories/GHSA-7852-w36x-6mf6
github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2018-03-30-1.yaml
github.com/laravel/framework/commit/28e53f23a76206fb130e9a54eb95aa3f010e79c9
github.com/laravel/framework/commit/886d261df0854426b4662b7ed5db6a1c575a4279
medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0