Illuminate Auth vulnerabilities
2 known vulnerabilities affecting illuminate/auth.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2017-14775 | MEDIUM | ≥ 0, < 5.5.10 | 2022-05-17
CVE-2017-14775 [MEDIUM] CWE-200 Laravel Sensitive Data Exposure
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
Sources: GHSA, OSV
CVE-2017-9303 | MEDIUM | ≥ 5.3.0, ≤ 5.3.31; ≥ 5.4.0, < 5.4.22 | 2022-05-17
CVE-2017-9303 [MEDIUM] CWE-20 Laravel does not properly constrain the host portion of a password-reset URL
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
Sources: GHSA, OSV