GHSA-h97c-qp24-439v
First published: Wed May 15 2024(Updated: )
laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/laravel/socialite | >=1.0.0<2.0.9 | 2.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-h97c-qp24-439v?
The severity of GHSA-h97c-qp24-439v is considered important due to its potential impact on the OAuth authentication process.
How do I fix GHSA-h97c-qp24-439v?
To fix GHSA-h97c-qp24-439v, upgrade to laravel/socialite version 2.0.9 or later.
What is the specific vulnerability in GHSA-h97c-qp24-439v?
The vulnerability in GHSA-h97c-qp24-439v is related to an insecure state generation mechanism in the OAuth authentication process.
Which versions of laravel/socialite are affected by GHSA-h97c-qp24-439v?
Versions of laravel/socialite prior to 2.0.9 are affected by GHSA-h97c-qp24-439v.
What improvements were made in version 2.0.9 of laravel/socialite regarding GHSA-h97c-qp24-439v?
Version 2.0.9 of laravel/socialite improved the state generation mechanism by ensuring it uses a truly random approach.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-h97c-qp24-439v
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- collector/github-advisory
- agent/tags
- agent/source
- package-manager/composer