Information Exposure Affecting pwweb/laravel-core package, versions <0.3.7-beta
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-PWWEBLARAVELCORE-1245481
- published 14 Apr 2021
- disclosed 13 Apr 2021
- credit Unknown
How to fix?
Upgrade pwweb/laravel-core
to version 0.3.7-beta or higher.
Overview
pwweb/laravel-core is a library that adds additional core functionalities for Laravel.
Affected versions of this package are vulnerable to Information Exposure. Password field can leak during serialisation of the User
model. Passwords are in the encrypted form, but if User
model is requested in json
or array
form the value is printed.