Data Leakage Vulnerability in livewire/livewire

2024-05-1522:28:49

CWE-200

GitHub Advisory Database

github.com

livewire

data leakage

vulnerability

security risk

unvalidated data

unexpected behavior

7 High

AI Score

Confidence

Low

JSON

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this->validate() method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk, allowing unvalidated data to be exposed, which could lead to unexpected behavior and potential security issues.

Affected configurations

Vulners

Node

laravellivewireRange<2.2.6

CPENameOperatorVersion
livewire/livewirelt2.2.6

CPE	Name	Operator	Version
	livewire/livewire	lt	2.2.6

References

github.com/advisories/GHSA-qwvp-268g-jjm8

github.com/FriendsOfPHP/security-advisories/blob/master/livewire/livewire/2020-09-22-1.yaml

github.com/livewire/livewire/commit/6929f5882138a98187c196ce66cc689712c000af

github.com/livewire/livewire/releases/tag/v2.2.6

7 High

AI Score

Confidence

Low

JSON