thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.49k stars 1.12k forks

League/Oauth2-Server Key Exposure In Exception Message #1388

Closed ankitdn closed 6 months ago

ankitdn commented 6 months ago

Bug Description: During a security vulnerability scan of my Laravel backend application using Vulert, I discovered a potential security risk associated with the League/Oauth2-Server package.

Details: The issue involves key exposure within exception messages generated by the package. This vulnerability could potentially lead to the disclosure of sensitive information and poses a security threat to applications using the League/Oauth2-Server.

References:

Sephster commented 6 months ago

Thanks for reporting this, but it is no longer a risk. It was patched in version 8.4.2 as per the CVE report. If you use a version later than this you should be fine.
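The maintainer's reply gives the one fact a practitioner needs to act on: the fix shipped in league/oauth2-server 8.4.2. The usual way to confirm what an application actually has installed is `composer show league/oauth2-server`, but when auditing many repositories it is handier to read `composer.lock` directly. The script below is an added example and is not code from this issue thread or from the library; it parses a constructed `composer.lock` fragment, finds the locked version of `league/oauth2-server`, and compares it against 8.4.2. The version-string rules (leading `v`, pre-release suffix sorting below the final release, non-numeric `dev-*` versions reported as unknown) are the author's assumptions about Composer version strings, not something the issue states.

```python
"""Check whether the league/oauth2-server version pinned in a composer.lock
is at or above 8.4.2, the release the maintainer names as containing the fix.

Added example; not part of the issue thread or of the library itself.
"""
import json
from typing import Optional, Tuple

PACKAGE = "league/oauth2-server"
FIXED_VERSION = "8.4.2"  # version named in the maintainer's reply

# Constructed composer.lock fragment, trimmed to the fields used here.
# The versions are illustrative, not taken from any real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v10.48.4"},
        {"name": "league/oauth2-server", "version": "8.3.6"},
    ],
    "packages-dev": [],
})


def parse_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn 'v8.4.2', '8.4.2' or '8.4.2-beta1' into a comparable tuple.

    The fourth element is 1 for a final release and 0 for a pre-release,
    so '8.4.2-beta1' sorts below '8.4.2'. Non-numeric versions such as
    'dev-main' return None because they cannot be ranked (assumption).
    """
    core, _, suffix = version.strip().lstrip("vV").partition("-")
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    nums += [0] * (3 - len(nums))  # pad '8.4' to (8, 4, 0)
    return (nums[0], nums[1], nums[2], 0 if suffix else 1)


def installed_version(lock_json: str, package: str = PACKAGE) -> Optional[str]:
    """Return the locked version string for `package`, searching both the
    runtime and dev sections of composer.lock, or None if it is absent."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == package:
                return pkg.get("version")
    return None


def is_patched(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if `version` >= `fixed`, False if older, None if not rankable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed >= parse_version(fixed)


def assess(lock_json: str) -> str:
    """Classify a composer.lock as 'not-installed', 'patched', 'vulnerable'
    or 'unknown' (non-numeric version; check it by hand)."""
    version = installed_version(lock_json)
    if version is None:
        return "not-installed"
    verdict = is_patched(version)
    if verdict is None:
        return "unknown"
    return "patched" if verdict else "vulnerable"


if __name__ == "__main__":
    # With the constructed lock above, 8.3.6 is older than 8.4.2.
    print(f"{PACKAGE} {installed_version(SAMPLE_LOCK)}: {assess(SAMPLE_LOCK)}")
```

Read the lock file rather than `composer.json`: the constraint in `composer.json` (for example `^8.3`) says what may be installed, while `composer.lock` records what is installed, and that is the version a scanner like the one in the report is judging. A `dev-*` version comes back as `unknown` on purpose; map it to a commit and check it by hand rather than guess.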

ankitdn commented 6 months ago

Thank you. I'll update the version.