CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions.

Source: CVE-2017-16894