Laravel 5.4.x Password-Reset URL Host Constraint Vulnerability

CVE-2017-9303 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:N

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
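
The weak and hardened ways of building a reset link, as an added example that is not taken from Laravel's code or from the 5.4.22 fix. It assumes the attacker-chosen host arrives in the request's Host header; the function names, host names, token and route path are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample configuration: the hosts this application actually serves.
const TRUSTED_HOSTS  = ['app.example.com'];
const CANONICAL_BASE = 'https://app.example.com';

/** Lower-case a Host header value and strip an optional trailing ":port". */
function normaliseHost(string $hostHeader): string
{
    $host = strtolower(trim($hostHeader));
    return preg_replace('/:\d+$/', '', $host) ?? $host;
}

/** Weak form: the emailed link's host is whatever the request claimed. */
function resetUrlFromRequestHost(string $hostHeader, string $token): string
{
    return 'https://' . $hostHeader . '/password/reset/' . rawurlencode($token);
}

/**
 * Hardened form: refuse requests whose host is not on the allow-list, and
 * build the link from configuration so request data never reaches the URL host.
 */
function resetUrlFromConfig(string $hostHeader, string $token): string
{
    if (!in_array(normaliseHost($hostHeader), TRUSTED_HOSTS, true)) {
        throw new InvalidArgumentException('untrusted host in request');
    }
    return CANONICAL_BASE . '/password/reset/' . rawurlencode($token);
}

// Constructed inputs: two spellings of the legitimate host and one foreign host.
$token = 'SAMPLE-TOKEN';
foreach (['app.example.com', 'APP.example.com:443', 'other.example.net'] as $host) {
    echo "Host header: $host\n";
    echo '  weak:     ' . resetUrlFromRequestHost($host, $token) . "\n";
    try {
        echo '  hardened: ' . resetUrlFromConfig($host, $token) . "\n";
    } catch (InvalidArgumentException $e) {
        echo '  hardened: rejected (' . $e->getMessage() . ")\n";
    }
}
```

Logging the rejected host value at the point of the exception gives a detection signal for reset requests that name a host the application does not serve.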