Package impact
Packagist / laravel/framework
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9303 | medium | 6.1 | 6.1 | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL | |||
| CVE-2017-14775 | medium | 5.9 | 5.9 | 9y ago | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. |