Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/illuminate/auth@5.4.27
purl pkg:composer/illuminate/auth@5.4.27
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-t45c-4zgs-r7es User phishing There's a vulnerability that allows phishing attempts on users of the application. Using the password reset system, malicious users can attempt to trick your users into entering their login credentials into a separate application that they control. Since the password reset notification uses the host of the incoming request to build the password reset URL, the host of the password reset URL may be spoofed. If users do not notice that they are not on their intended application's domain, they may accidentally enter their login credentials into a malicious application. CVE-2017-9303

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:36:55.108352+00:00 GitLab Importer Fixing VCID-t45c-4zgs-r7es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/illuminate/auth/CVE-2017-9303.yml 38.6.0