State Guessing Vulnerability in laravel/socialite

2024-05-1522:26:19

Google

osv.dev

laravel

socialite

oauth

security

vulnerability

session hijacking

fixed

version 2.0.10

7 High

AI Score

Confidence

Low

JSON

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. The issue has been addressed and fixed in version 2.0.10.

CPENameOperatorVersion
laravel/socialiteeq2.0.4
laravel/socialiteeq2.0.8
laravel/socialiteeq2.0.0
laravel/socialiteeq1.0.0
laravel/socialiteeq2.0.1
laravel/socialiteeq2.0.3
laravel/socialiteeq1.0.3
laravel/socialiteeq2.0.6
laravel/socialiteeq1.0.1
laravel/socialiteeq1.0.2

Name	Operator	Version
laravel/socialite	eq	2.0.4
laravel/socialite	eq	2.0.8
laravel/socialite	eq	2.0.0
laravel/socialite	eq	1.0.0
laravel/socialite	eq	2.0.1
laravel/socialite	eq	2.0.3
laravel/socialite	eq	1.0.3
laravel/socialite	eq	2.0.6
laravel/socialite	eq	1.0.1
laravel/socialite	eq	1.0.2

Rows per page:

1-10 of 141

References

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-08-03.yaml

github.com/laravel/socialite

github.com/laravel/socialite/commit/3d9ed9f4703de82a89541e2458f64de348a60a99

github.com/laravel/socialite/pull/93

7 High

AI Score

Confidence

Low

JSON