In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions.

Source: CVE-2017-16894

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.