Package impact
Packagist / laravel/framework
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-9303 | medium | 6.1 | 6.1 | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL | |
| CVE-2017-14775 | medium | 5.9 | 5.9 | 9y ago | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | |