GHSA-h97c-qp24-439v
First published: Wed May 15 2024(Updated: )
laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/laravel/socialite | >=1.0.0<2.0.9 | 2.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-h97c-qp24-439v
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/tags
- collector/github-advisory
- package-manager/composer