Laravel 5.4.x prior to 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote malicious users to conduct phishing attacks by specifying an attacker-controlled host.
Vulnerable Product |
---|
laravel laravel 5.4.0 |