php · laravel/framework · Critical
laravel/framework: CRLF injection in email validation
What changed
A CRLF injection vulnerability in Laravel's email validation allows unauthenticated attackers to interfere with outbound email processing when sending mail to user-supplied addresses.
Who it affects
Laravel applications that send email to addresses provided by users, e.g., during authentication flows or contact forms.
What to do today
Upgrade to version 12.60.0 or later, or 13.10.0 or later.
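As an added example (not part of the advisory or of Laravel itself), this Python script checks the `laravel/framework` version locked in a `composer.lock` file against the two fixed releases named above. The sample lock content is constructed, and versions outside the 12.x and 13.x lines are reported as `unknown` because the advisory does not cover them.

```python
import json
import sys
from pathlib import Path

# Fixed releases named in the advisory, keyed by major version.
FIXED = {12: (12, 60, 0), 13: (13, 10, 0)}

# Constructed sample composer.lock fragment (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "3.9.0"},
        {"name": "laravel/framework", "version": "v12.59.1"},
    ],
    "packages-dev": [],
})

def parse_version(raw):
    """'v12.59.1' -> (12, 59, 1); None for branch aliases such as 'dev-master'."""
    core = raw.lstrip("v").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts] + [0, 0]  # pad '12.60' to three components
    return tuple(nums[:3])

def locked_version(lock_text, package="laravel/framework"):
    """Return the locked version string for `package`, or None if absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name") == package:
                return entry.get("version")
    return None

def classify(raw):
    """Return 'patched', 'upgrade' or 'unknown' for a locked version string."""
    version = parse_version(raw) if raw else None
    if version is None or version[0] not in FIXED:
        # The advisory names only the 12.x and 13.x lines; do not guess others.
        return "unknown"
    return "patched" if version >= FIXED[version[0]] else "upgrade"

if __name__ == "__main__":
    # Pass a composer.lock path, or run with no argument to use the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOCK
    found = locked_version(text)
    status = classify(found)
    print(f"laravel/framework {found}: {status}")
    sys.exit(0 if status == "patched" else 1)
```

The non-zero exit status for `upgrade` and `unknown` lets the script fail a CI job until the lock file pins a fixed release.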