Name of the Vulnerable Software and Affected Versions Laravel versions prior to 5.5

Description The issue affects applications using the "cookie" session driver, particularly when an encryption oracle is exposed via the application. This allows for remote code execution by generating valid signed encryption strings for any plain-text string, enabling the crafting of session payloads. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Laravel versions prior to 5.5, do not use the "cookie" session driver in production deployments as a temporary workaround. Consider updating the session driver configuration to prevent the exposure of an encryption oracle. At the moment, there is no information about a newer version that contains a fix for this vulnerability.