Authentication Cookie Hijacking Affecting laravel/framework package, versions <4.1.26
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-LARAVELFRAMEWORK-72100
- published 8 Mar 2018
- disclosed 15 Apr 2014
- credit Unknown
How to fix?
Upgrade laravel/framework
to version 4.1.26 or higher.
Overview
laravel/framework is a web application framework.
Affected versions of this package are vulnerable to Authentication Cookie Hijacking. If a "remember"
cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc.