GHSA-7fjv-25q9-2w88 – laravel/socialite
Package
Manager: composer
Name: laravel/socialite
Vulnerable Version: >=1.0.0 <2.0.10
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
State Guessing Vulnerability in laravel/socialite

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. The issue has been addressed and fixed in version 2.0.10.
Metadata
Created: 2024-05-15T22:26:19Z
Modified: 2024-05-15T22:26:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-7fjv-25q9-2w88/GHSA-7fjv-25q9-2w88.json
CWE IDs: []
Alternative ID: N/A
Finding: F280
Auto approve: 1