VulnerableCode Package Details - pkg:composer/illuminate/auth@5.2.27

Search for packages

Vulnerability	Summary	Fixed by
VCID-eqzu-3cmt-2ube Aliases: CVE-2017-14775 GHSA-c2v7-j5gq-wcq4	Close remember_me Timing Attack Vector This package mishandles the `remember_me token` verification process because `DatabaseUserProvider` does not have constant-time token comparison.	5.5.10 Affected by 0 other vulnerabilities. 5.5.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-t45c-4zgs-r7es Aliases: CVE-2017-9303 GHSA-rc8x-jrrc-frfv	User phishing There's a vulnerability that allows phishing attempts on users of the application. Using the password reset system, malicious users can attempt to trick your users into entering their login credentials into a separate application that they control. Since the password reset notification uses the host of the incoming request to build the password reset URL, the host of the password reset URL may be spoofed. If users do not notice that they are not on their intended application's domain, they may accidentally enter their login credentials into a malicious application.	5.4.22 Affected by 0 other vulnerabilities. 5.4.27 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.5.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yuwm-88g2-jke5 Aliases: GMS-2018-28	Unsafe payload decryption There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.	5.5.40 Affected by 0 other vulnerabilities. 5.6.15 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-eqzu-3cmt-2ube
Aliases:
CVE-2017-14775
GHSA-c2v7-j5gq-wcq4

Close remember_me Timing Attack Vector This package mishandles the `remember_me token` verification process because `DatabaseUserProvider` does not have constant-time token comparison.

5.5.10
Affected by 0 other vulnerabilities.

5.5.15
Affected by 1 other vulnerability.

VCID-t45c-4zgs-r7es
Aliases:
CVE-2017-9303
GHSA-rc8x-jrrc-frfv

User phishing There's a vulnerability that allows phishing attempts on users of the application. Using the password reset system, malicious users can attempt to trick your users into entering their login credentials into a separate application that they control. Since the password reset notification uses the host of the incoming request to build the password reset URL, the host of the password reset URL may be spoofed. If users do not notice that they are not on their intended application's domain, they may accidentally enter their login credentials into a malicious application.

5.4.22
Affected by 0 other vulnerabilities.

5.4.27
Affected by 2 other vulnerabilities.

5.5.15
Affected by 1 other vulnerability.

VCID-yuwm-88g2-jke5
Aliases:
GMS-2018-28

Unsafe payload decryption There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.

5.5.40
Affected by 0 other vulnerabilities.

5.6.15
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:11:42.630606+00:00	GitLab Importer	Affected by	VCID-yuwm-88g2-jke5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/GMS-2018-28.yml	38.6.0
2026-06-04T20:09:07.546363+00:00	GitLab Importer	Affected by	VCID-eqzu-3cmt-2ube	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/CVE-2017-14775.yml	38.6.0
2026-06-04T20:08:07.392804+00:00	GitLab Importer	Affected by	VCID-t45c-4zgs-r7es	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/CVE-2017-9303.yml	38.6.0