GHSA-h97c-qp24-439v: Insecure State Generation in laravel/socialite

May 15, 2024

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.

References

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-07-23.yaml
github.com/advisories/GHSA-h97c-qp24-439v
github.com/laravel/socialite
github.com/laravel/socialite/commit/2ef13bae1484c44ede68e05486bce76cc0fa8dd8
github.com/laravel/socialite/pull/91

Code Behaviors & Features

Detect and mitigate GHSA-h97c-qp24-439v with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →