Improper Input Validation Affecting livewire/livewire package, versions >=2.2.5, <2.2.6
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-LIVEWIRELIVEWIRE-1012444
- published 24 Sep 2020
- disclosed 24 Sep 2020
- credit Unknown
How to fix?
Upgrade livewire/livewire to version 2.2.6 or higher.
Overview
livewire/livewire is an A front-end framework for Laravel.
Affected versions of this package are vulnerable to Improper Input Validation. $this->validate() usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component.