GHSA-fmg6-246m-9g2v: auth0/login Cookie Encryption Weakness
Platform: php
Component: auth0/login
Fixed in: 7.21.0
GHSA-fmg6-246m-9g2v describes a vulnerability in applications built with the Auth0 PHP SDK where cookies are encrypted with insufficient entropy. This may allow attackers to brute-force the encryption key and forge session cookies. This affects applications using laravel-auth0 SDK versions 7.0.0 to 7.20.0 and Auth0-PHP SDK versions 8.0.0 to 8.18.0. Upgrade Auth0/laravel-auth0 to version 7.21.0 or greater to resolve this issue.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is GHSA-fmg6-246m-9g2v?
GHSA-fmg6-246m-9g2v is a cookie encryption weakness in auth0/login that can allow attackers to forge session cookies.
Am I affected by GHSA-fmg6-246m-9g2v?
You are affected if you are using laravel-auth0 SDK versions 7.0.0 to 7.20.0 and Auth0-PHP SDK versions 8.0.0 to 8.18.0.
How do I fix GHSA-fmg6-246m-9g2v?
Upgrade Auth0/laravel-auth0 to version 7.21.0 or greater.