Versions of Zend Framework earlier than 2.3.8, and 2.4.x versions earlier than 2.4.1, are vulnerable to a flaw in the "Zend\Mail" and "Zend\Http" components: CRLF (carriage return and line feed) character sequences are not properly sanitized before being included in responses. This allows a context-dependent attacker to inject additional headers into responses and conduct HTTP response splitting attacks.
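The following is an added example, not part of the advisory and not Zend Framework code. It contrasts a header builder that concatenates the value unchecked with one that rejects CR, LF and other control characters. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Zend Framework code.

/** Unsafe pattern: the value is concatenated into the header line as-is. */
function buildHeaderUnsafe(string $name, string $value): string
{
    return $name . ': ' . $value . "\r\n";
}

/** Hardened pattern: refuse any name or value that could end the header line. */
function buildHeaderSafe(string $name, string $value): string
{
    // Header names must be RFC 7230 tokens (no spaces, colons or control characters).
    if (preg_match('/^[!#$%&\'*+.^_`|~0-9A-Za-z-]+$/D', $name) !== 1) {
        throw new InvalidArgumentException('invalid header name');
    }
    // Reject CR, LF and other control characters in the value (horizontal tab is allowed).
    if (preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException('invalid header value');
    }
    return $name . ': ' . $value . "\r\n";
}

// Constructed sample input: a redirect target taken from untrusted request data.
$samples = [
    'benign'   => '/account/home',
    'injected' => "/account/home\r\nX-Injected: constructed-value",
];

foreach ($samples as $label => $value) {
    // One value should yield exactly one CRLF-terminated header line.
    $lines = substr_count(buildHeaderUnsafe('Location', $value), "\r\n");
    echo "$label: unsafe builder emitted $lines header line(s)\n";

    try {
        buildHeaderSafe('Location', $value);
        echo "$label: safe builder accepted the value\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: safe builder rejected the value ({$e->getMessage()})\n";
    }
}
```

Rejecting the value outright, rather than stripping the offending bytes, keeps the failure visible in logs and avoids silently rewriting attacker-controlled input into something that still reaches the response.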
Vendor | Product | Version | CPE |
---|---|---|---|
thomas_breuss | zend_framework_integration_zend_framework | | cpe:/a:thomas_breuss:zend_framework_integration_zend_framework |