
Insecure State Generation in laravel/socialite

Moderate severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

composer laravel/socialite (Composer)

Affected versions

>= 1.0.0, < 2.0.9

Patched versions

2.0.9

Description

laravel/socialite versions prior to 2.0.9 have been found to use an insecure mechanism for generating the OAuth `state` parameter, potentially exposing the OAuth authentication flow to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated from a truly random source, strengthening the security of the OAuth flow.
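The advisory does not say how the pre-2.0.9 state was produced, only that it was not truly random. The following PHP is an added illustration, not code from laravel/socialite: it shows the property a correct implementation needs (a state drawn from the operating system's CSPRNG, bound to the session, compared in constant time and consumed on first use). All function names, the array-backed session, and the endpoint and client values are assumptions made for the example.

```php
<?php
// Added example (not laravel/socialite's own code). The OAuth "state" value
// binds an authorization response to the browser session that started the
// flow; if it is guessable, a forged callback can be accepted by the
// application. Every identifier below is hypothetical.

declare(strict_types=1);

/**
 * Generate a state token from the OS CSPRNG: 32 random bytes, hex-encoded
 * to 64 characters. random_bytes() throws on failure instead of silently
 * falling back to a weaker source, which is the behaviour we want.
 */
function secureState(): string
{
    return bin2hex(random_bytes(32));
}

/**
 * Build the provider redirect URL and remember the state in the session.
 * $session is a plain array standing in for a real session store.
 */
function buildAuthorizeUrl(
    array &$session,
    string $authorizeEndpoint,
    string $clientId,
    string $redirectUri
): string {
    $state = secureState();
    $session['oauth_state'] = $state;

    return $authorizeEndpoint . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state,
    ]);
}

/**
 * Validate the state on the provider callback. The stored value is removed
 * before comparison so a state can be used at most once, and hash_equals()
 * avoids leaking a prefix match through timing. Returns true only when the
 * callback belongs to this session.
 */
function verifyCallbackState(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, even if verification fails

    $received = $query['state'] ?? null;

    if (!is_string($expected) || $expected === '' || !is_string($received)) {
        return false;
    }

    return hash_equals($expected, $received);
}

// Demonstration with constructed values.
$session = [];
$url = buildAuthorizeUrl(
    $session,
    'https://provider.example/oauth/authorize', // placeholder endpoint
    'client-id-placeholder',
    'https://app.example/oauth/callback'
);

parse_str((string) parse_url($url, PHP_URL_QUERY), $sent);

// A callback carrying the state we issued is accepted once...
$first  = verifyCallbackState($session, ['code' => 'constructed-code', 'state' => $sent['state']]);
// ...a replay of the same state is rejected because it was consumed...
$replay = verifyCallbackState($session, ['code' => 'constructed-code', 'state' => $sent['state']]);
// ...and a callback with a different state never matches.
$forged = verifyCallbackState($session, ['code' => 'constructed-code', 'state' => str_repeat('0', 64)]);

echo 'first callback accepted: ', var_export($first, true), PHP_EOL;
echo 'replayed state accepted: ', var_export($replay, true), PHP_EOL;
echo 'mismatched state accepted: ', var_export($forged, true), PHP_EOL;
```

When reviewing an OAuth client library for this class of issue, the points to check are the same three shown here: the state must come from a cryptographically secure generator (in PHP, `random_bytes()` or something built on it), it must be tied to the session that initiated the flow, and the callback must refuse a missing, mismatched, or reused value.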

References

Published to the GitHub Advisory Database May 15, 2024
Reviewed May 15, 2024
Last updated May 15, 2024

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-h97c-qp24-439v

Source code
