CVE-2017-14775

Published September 28th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.

laravel/framework

Laravel is a web application framework with expressive, elegant syntax.

GitHub

34.7K