{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54829?format=json","vulnerability_id":"VCID-36f9-wxda-x3c2","summary":"Laravel Hijacked authentication cookies vulnerability\nLaravel 4.1.26 introduces security improvements for \"remember me\" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc.\n\nThis change requires the addition of a new remember_token column to your users (or equivalent) database table. After this change, a fresh token will be assigned to the user each time they login to your application. The token will also be refreshed when the user logs out of the application. The implications of this change are: if a \"remember me\" cookie is hijacked, simply logging out of the application will invalidate the cookie.","aliases":[{"alias":"GHSA-q4xf-7fw5-4x8v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/illuminate/auth@4.1.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.26"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/illuminate/auth@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/198514?format=json","purl":"pkg:composer/illuminate/auth@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/198515?format=json","purl":"pkg:composer/illuminate/auth@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/198516?format=json","purl":"pkg:composer/illuminate/auth@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/198517?format=json","purl":"pkg:composer/illuminate/auth@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/198518?format=json","purl":"pkg:composer/illuminate/auth@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/198519?format=json","purl":"pkg:composer/illuminate/auth@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/198520?format=json","purl":"pkg:composer/illuminate/auth@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/198521?format=json","purl":"pkg:composer/illuminate/auth@4.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/198522?format=json","purl":"pkg:composer/illuminate/auth@4.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/198523?format=json","purl":"pkg:composer/illuminate/auth@4.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/illuminate/auth@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/198524?format=json","purl":"pkg:composer/illuminate/auth@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/198525?format=json","purl":"pkg:composer/illuminate/auth@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/198526?format=json","purl":"pkg:composer/illuminate/auth@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/198527?format=json","purl":"pkg:composer/illuminate/auth@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/198528?format=json","purl":"pkg:composer/illuminate/auth@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/198529?format=json","purl":"pkg:composer/illuminate/auth@4.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/198530?format=json","purl":"pkg:composer/illuminate/auth@4.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/198531?format=json","purl":"pkg:composer/illuminate/auth@4.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/198532?format=json","purl":"pkg:composer/illuminate/auth@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/198533?format=json","purl":"pkg:composer/illuminate/auth@4.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/198534?format=json","purl":"pkg:composer/illuminate/auth@4.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/198535?format=json","purl":"pkg:composer/illuminate/auth@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/198536?format=json","purl":"pkg:composer/illuminate/auth@4.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/198537?format=json","purl":"pkg:composer/illuminate/auth@4.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/198538?format=json","purl":"pkg:composer/illuminate/auth@4.1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/198539?format=json","purl":"pkg:composer/illuminate/auth@4.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/198540?format=json","purl":"pkg:composer/illuminate/auth@4.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/198541?format=json","purl":"pkg:composer/illuminate/auth@4.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/198542?format=json","purl":"pkg:composer/illuminate/auth@4.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/198543?format=json","purl":"pkg:composer/illuminate/auth@4.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/198544?format=json","purl":"pkg:composer/illuminate/auth@4.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/198545?format=json","purl":"pkg:composer/illuminate/auth@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/198546?format=json","purl":"pkg:composer/illuminate/auth@4.1.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.23"},{"url":"http://public2.vulnerablecode.io/api/packages/198547?format=json","purl":"pkg:composer/illuminate/auth@4.1.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.24"},{"url":"http://public2.vulnerablecode.io/api/packages/198548?format=json","purl":"pkg:composer/illuminate/auth@4.1.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36f9-wxda-x3c2"},{"vulnerability":"VCID-5xz2-td65-nyau"},{"vulnerability":"VCID-eqzu-3cmt-2ube"},{"vulnerability":"VCID-t45c-4zgs-r7es"},{"vulnerability":"VCID-yuwm-88g2-jke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.25"}],"references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/2014-04-15.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/2014-04-15.yaml"},{"reference_url":"https://github.com/illuminate/auth","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/illuminate/auth"},{"reference_url":"https://laravel.com/docs/5.1/upgrade#upgrade-4.1.26","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://laravel.com/docs/5.1/upgrade#upgrade-4.1.26"},{"reference_url":"https://github.com/advisories/GHSA-q4xf-7fw5-4x8v","reference_id":"GHSA-q4xf-7fw5-4x8v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4xf-7fw5-4x8v"}],"weaknesses":[{"cwe_id":384,"name":"Session Fixation","description":"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36f9-wxda-x3c2"}