GHSA-7fjv-25q9-2w88: State Guessing Vulnerability in laravel/socialite

May 15, 2024

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. The issue has been addressed and fixed in version 2.0.10.

References

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-08-03.yaml
github.com/advisories/GHSA-7fjv-25q9-2w88
github.com/laravel/socialite
github.com/laravel/socialite/commit/3d9ed9f4703de82a89541e2458f64de348a60a99
github.com/laravel/socialite/pull/93

Detect and mitigate GHSA-7fjv-25q9-2w88 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →