GHSA-vr95-p7q6-8m9q: Laravel Cross-site Scripting (XSS) vulnerability in blade templating

May 15, 2024

Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

References

blog.laravel.com/security-laravel-712-released
github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2020-03-13-1.yaml
github.com/advisories/GHSA-vr95-p7q6-8m9q
github.com/laravel/framework
github.com/laravel/framework/pull/31945
github.com/laravel/framework/releases/tag/v7.1.2

Detect and mitigate GHSA-vr95-p7q6-8m9q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →