laravel/framework is vulnerable to information disclosure attacks. The writeNewEnvironmentFileWith
method does not restrict /.env
permissions, allowing a malicious user to obtain sensitive information by sending a direct request to the /.env
URI.
CPE | Name | Operator | Version |
---|---|---|---|
laravel/framework | le | 5.5.x-dev | |
laravel/framework | le | 5.5.x-dev |