Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:5463
HistoryNov 20, 2017 - 9:08 a.m.

Information Disclosure

2017-11-2009:08:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

0.116 Low

EPSS

Percentile

95.3%

laravel/framework is vulnerable to information disclosure attacks. The writeNewEnvironmentFileWith method does not restrict /.env permissions, allowing a malicious user to obtain sensitive information by sending a direct request to the /.env URI.