Closed
Laravel Version
10.16.1
PHP Version
8.2
Database Driver & Version
No response
Description
Hello, sorry in advance for my English.
Google's vulnerability scanner "Osv-scanner" is detecting the latest version of Laravel as vulnerable. I think that problem has already been solved.
Vulnerability: GHSA-c2v7-j5gq-wcq4
Scanning dir /src/
Scanning /src/ at commit 80c6734e5b4dXXXX211a87113d25e45e5d8aXXXX
Scanned /src/composer.lock file and found 130 packages
Scanned /src/package-lock.json file and found 317 packages
Loaded filter from: /src/osv-scanner.toml
╭─────────────────────────────────────┬───────────┬───────────────────┬──────────┬───────────────────╮
│ OSV URL (ID IN BOLD)                │ ECOSYSTEM │ PACKAGE           │ VERSION  │ SOURCE            │
├─────────────────────────────────────┼───────────┼───────────────────┼──────────┼───────────────────┤
│ https://osv.dev/GHSA-c2v7-j5gq-wcq4 │ Packagist │ laravel/framework │ v10.16.1 │ src/composer.lock │
╰─────────────────────────────────────┴───────────┴───────────────────┴──────────┴───────────────────╯
From what I can see on your website it is marked as not fixed.
Thanks for Laravel!
Steps To Reproduce
Inside a Laravel project, run OSV Scanner; you can use the Docker image for more ease.
docker run -it --rm -v ${PWD}:/src ghcr.io/google/osv-scanner /src/