GHSA-vr95-p7q6-8m9q – laravel/framework

Package

Manager: composer
Name: laravel/framework
Vulnerable Version: >=7.0.0 <7.1.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Laravel Cross-site Scripting (XSS) vulnerability in blade templating Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

Metadata

Created: 2024-05-15T22:16:06Z
Modified: 2024-05-15T22:16:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vr95-p7q6-8m9q/GHSA-vr95-p7q6-8m9q.json
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: F425
Auto approve: 1