First published: Wed May 15 2024(Updated: )
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The `$this->validate()` method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk, allowing unvalidated data to be exposed, which could lead to unexpected behavior and potential security issues.
Affected Software | Affected Version | How to fix |
---|---|---|
composer/livewire/livewire | >=2.2.5<2.2.6 | 2.2.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.