{"url":"http://public2.vulnerablecode.io/api/packages/52326?format=json","purl":"pkg:composer/laravel/socialite@1.0.0","type":"composer","namespace":"laravel","name":"socialite","version":"1.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.10","latest_non_vulnerable_version":"2.0.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37890?format=json","vulnerability_id":"VCID-21qc-541p-jug6","summary":"State guessing vulnerability.","references":[{"reference_url":"https://github.com/laravel/socialite/pull/93","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/laravel/socialite/pull/93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52337?format=json","purl":"pkg:composer/laravel/socialite@2.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.10"}],"aliases":["GMS-2015-69"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21qc-541p-jug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37889?format=json","vulnerability_id":"VCID-ezec-rkuz-wuff","summary":"Insecure state generation\nState is not pulled off the session, and can be guessed 
later.","references":[{"reference_url":"https://github.com/laravel/socialite/pull/93","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/laravel/socialite/pull/93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52337?format=json","purl":"pkg:composer/laravel/socialite@2.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.10"}],"aliases":["GMS-2015-16"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezec-rkuz-wuff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54917?format=json","vulnerability_id":"VCID-jdjy-ybxh-j7hx","summary":"Insecure State Generation in laravel/socialite\nlaravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. 
The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhancing the security of the OAuth flow.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-07-23.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-07-23.yaml"},{"reference_url":"https://github.com/laravel/socialite","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite"},{"reference_url":"https://github.com/laravel/socialite/commit/2ef13bae1484c44ede68e05486bce76cc0fa8dd8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite/commit/2ef13bae1484c44ede68e05486bce76cc0fa8dd8"},{"reference_url":"https://github.com/laravel/socialite/pull/91","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite/pull/91"},{"reference_url":"https://github.com/advisories/GHSA-h97c-qp24-439v","reference_id":"GHSA-h97c-qp24-439v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h97c-qp24-439v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52328?format=json","purl":"pkg:composer/laravel/socialite@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21qc-541p-jug6"},{"vulnerability":"VCID-ezec-rkuz-wuff"},{"vulnerability":"VCID-zska-hg14-dbgj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.9"
}],"aliases":["GHSA-h97c-qp24-439v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdjy-ybxh-j7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37885?format=json","vulnerability_id":"VCID-nttt-2yjf-h3f7","summary":"Insecure state generation.","references":[{"reference_url":"https://github.com/laravel/socialite/pull/91","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/laravel/socialite/pull/91"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52328?format=json","purl":"pkg:composer/laravel/socialite@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21qc-541p-jug6"},{"vulnerability":"VCID-ezec-rkuz-wuff"},{"vulnerability":"VCID-zska-hg14-dbgj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.9"}],"aliases":["GMS-2015-68"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nttt-2yjf-h3f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54911?format=json","vulnerability_id":"VCID-zska-hg14-dbgj","summary":"State Guessing Vulnerability in laravel/socialite\nlaravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. 
The issue has been addressed and fixed in version 2.0.10.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-08-03.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/socialite/2015-08-03.yaml"},{"reference_url":"https://github.com/laravel/socialite","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite"},{"reference_url":"https://github.com/laravel/socialite/commit/3d9ed9f4703de82a89541e2458f64de348a60a99","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite/commit/3d9ed9f4703de82a89541e2458f64de348a60a99"},{"reference_url":"https://github.com/laravel/socialite/pull/93","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laravel/socialite/pull/93"},{"reference_url":"https://github.com/advisories/GHSA-7fjv-25q9-2w88","reference_id":"GHSA-7fjv-25q9-2w88","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fjv-25q9-2w88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52337?format=json","purl":"pkg:composer/laravel/socialite@2.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.10"}],"aliases":["GHSA-7fjv-25q9-2w88"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zska-hg14-dbgj"}],"fixing_vulnerabilities":[
],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@1.0.0"}