php · laravel/frameworkHeads-up
laravel/framework: Temporary Signed URL Ambiguity in Local Filesystem Driver
A vulnerability in Laravel's local filesystem driver allows temporary signed URLs to be parsed ambiguously, potentially misrouting requests and bypassing expira
What changed
A vulnerability in Laravel's local filesystem driver allows temporary signed URLs to be parsed ambiguously, potentially misrouting requests and bypassing expiration enforcement.
Who it affects
Applications using Laravel's local filesystem driver with temporary signed URLs.
What to do today
Review and update your Laravel installation to the latest patched version to mitigate the vulnerability.
The trail
Collected→
Audited→
Written→
Published