Search for vulnerabilities
| Vulnerability ID | VCID-kr17-12b7-6ke2 |
| Aliases |
GHSA-7852-w36x-6mf6
|
| Summary | Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of `false`. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the application's code, such as the example below: ``` <?php $decyptedValue = decrypt($secret); if ($decryptedValue == '') { // Code is run even though decrypted value is false... } ``` |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2018-03-30-1.yaml |
| generic_textual | MODERATE | https://github.com/laravel/framework |
| generic_textual | MODERATE | https://github.com/laravel/framework/commit/28e53f23a76206fb130e9a54eb95aa3f010e79c9 |
| generic_textual | MODERATE | https://github.com/laravel/framework/commit/886d261df0854426b4662b7ed5db6a1c575a4279 |
| generic_textual | MODERATE | https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:21:41.482945+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/laravel/framework/GHSA-7852-w36x-6mf6.yml | 38.6.0 |