Insecure State Generation in laravel/socialite

2024-05-1522:27:23

CWE-331

GitHub Advisory Database

github.com

laravel

socialite

insecure state

7.3 High

AI Score

Confidence

Low

JSON

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.

CPENameOperatorVersion
laravel/socialitege1.0.0
laravel/socialitelt2.0.9

CPE	Name	Operator	Version
	laravel/socialite	ge	1.0.0
	laravel/socialite	lt	2.0.9

References

github.com/advisories/GHSA-h97c-qp24-439v

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-07-23.yaml

github.com/laravel/socialite/commit/2ef13bae1484c44ede68e05486bce76cc0fa8dd8

github.com/laravel/socialite/pull/91

7.3 High

AI Score

Confidence

Low

JSON