GHSA-2867-6rrm-38gr: Laravel Cookie serialization vulnerability

May 15, 2024

Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to laravel advisory for more details and read the notes carefully when upgrading your application.

References

github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/cookie/2018-08-08-1.yaml
github.com/advisories/GHSA-2867-6rrm-38gr
github.com/illuminate/cookie
laravel.com/docs/5.6/upgrade

Code Behaviors & Features

Detect and mitigate GHSA-2867-6rrm-38gr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →