223 matches found
CVE-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...
Symfony storing cookie headers in HttpCache
Description ----------- The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...
GHSA-H7VF-5WRV-9FHV Symfony storing cookie headers in HttpCache
Description ----------- The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...
CVE-2022-24894: Prevent storing cookie headers in HttpCache
Affected versions Symfony versions =2.0.0, 4.4.50, = 5.0.0, 5.4.20, = 6.0.0, 6.0.20, = 6.1.0, 6.1.12, and = 6.2.0, 6.2.6 of the Symfony Security Bundle are affected by this security issue. The issue has been fixed in Symfony 4.4.50, 5.4.20, 6.0.20, 6.1.12, and 6.2.6. All other versions are not...
PT-2023-1579 · Symfony +5 · Symfony +5
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4 Description: The Symfony HTTP cache system acts as a reverse proxy, caching entire responses, including headers, and returning them to clients. A recent change in the AbstractSessionListener may cause the respons...
CVE-2022-25881
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
com.github.linyuzai:concept-router-spring-boot-starter (=1.1.0), org.webjars.npm:cacheable-request (=2.1.4) +5 more potentially affected by CVE-2022-25881 via org.webjars.npm:http-cache-semantics (=3.8.1)
org.webjars.npm:http-cache-semantics MAVEN version =3.8.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:http-cache-semantics and may be impacted: - com.github.linyuzai:concept-router-spring-boot-starter =1.1.0 -...
GHSA-RC47-6667-2J5J http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21418 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)
http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-44958 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-5
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
CVE-2022-25881 affects the http-cache-semantics package, specifically versions before 4.1.1. The issue can be exploited by sending malicious request header values to a server that reads the cache policy from the request using this library. This is a header/input handling vulnerability in the clie...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
http-cache-semantics 安全漏洞
npm http-cache-semantics is an application from npm USA. It is used to analyze cache controls and other headers to help build correct HTTP caches and proxies. A security vulnerability exists in versions of http-cache-semantics prior to 4.1.1, which stems from an issue that can be exploited via...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. PoC Run the following script in...