Bug Description:
During a security vulnerability scan of my Laravel backend application using Vulert, I discovered a potential security risk associated with the League/Oauth2-Server package.
Details:
The issue involves key exposure within exception messages generated by the package. This vulnerability could potentially lead to the disclosure of sensitive information and poses a security threat to applications using the League/Oauth2-Server.
Thanks for reporting this but it is no longer a risk. It was patched in version 8.4.2 as per the CVE report. If you use a version later than this you should be fine.