Encryption Failure Affecting laravel/framework package, versions >=5.1.0, <=5.1.46 >=5.0.0, <=5.0.35 >=5.5.0, <5.5.40 >=5.3.0, <=5.3.31 >=4.1.0, <=4.1.31 >=4.0.0, <=4.0.11 >=5.4.0, <=5.4.36 >=4.2.0, <=4.2.22 >=5.2.0, <=5.2.45 >=5.6.0, <5.6.15
Snyk CVSS
Attack Complexity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-LARAVELFRAMEWORK-72114
- published 3 Apr 2018
- disclosed 1 Apr 2018
- credit Unknown
How to fix?
Upgrade laravel/framework
to versions 5.6.15, 5.5.40 or higher.
Overview
laravel/framework is a web application framework.
Affected versions of this package are vulnerable due to Encryption Failure. The Encrypter functionality may fail during decryption and unexpectedly return false.