Laravel · Voyager · CVE-2019-17050
**Name of the Vulnerable Software and Affected Versions**
Voyager package through 1.2.7 for Laravel
**Description**
An issue allows an attacker with admin privileges and Compass access to read or delete arbitrary files, such as the .env file.
**Recommendations**
For Voyager package through 1.2.7, switch off Compass in a production environment as a mitigation measure.