CVE-2024-6056

Name of the Vulnerable Software and Affected Versions: nasirkhan Laravel Starter versions up to 11.8.0

Description: A vulnerability was found in the Password Reset Handler component, specifically affecting some unknown functionality of the file /forgot-password. The manipulation of the Email argument leads to observable response discrepancy. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used.

Recommendations: For nasirkhan Laravel Starter versions up to 11.8.0, consider disabling the Password Reset Handler component or restricting access to the /forgot-password file until a patch is available. As a temporary workaround, avoid using the Email argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.