223 matches found
CVE-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...
Symfony storing cookie headers in HttpCache
Description: The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...
GHSA-H7VF-5WRV-9FHV Symfony storing cookie headers in HttpCache
Description: The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...
CVE-2022-24894: Prevent storing cookie headers in HttpCache
Affected versions: Symfony versions >=2.0.0, <4.4.50, >=5.0.0, <5.4.20, >=6.0.0, <6.0.20, >=6.1.0, <6.1.12, and >=6.2.0, <6.2.6 of the Symfony Security Bundle are affected by this security issue. The issue has been fixed in Symfony 4.4.50, 5.4.20, 6.0.20, 6.1.12, and 6.2.6. All other versions are not...
PT-2023-1579 · Symfony +5
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4. Description: The Symfony HTTP cache system acts as a reverse proxy, caching entire responses, including headers, and returning them to clients. A recent change in the AbstractSessionListener may cause the respons...
CVE-2022-25881
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
com.github.linyuzai:concept-router-spring-boot-starter (=1.1.0), org.webjars.npm:cacheable-request (=2.1.4) +5 more potentially affected by CVE-2022-25881 via org.webjars.npm:http-cache-semantics (=3.8.1)
org.webjars.npm:http-cache-semantics MAVEN version =3.8.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:http-cache-semantics and may be impacted: - com.github.linyuzai:concept-router-spring-boot-starter =1.1.0 -...
GHSA-RC47-6667-2J5J http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21418 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)
http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-44958 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-5
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
CVE-2022-25881 affects the http-cache-semantics package, specifically versions before 4.1.1. The issue can be exploited by sending malicious request header values to a server that reads the cache policy from the request using this library. This is a header/input handling vulnerability in the clie...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
http-cache-semantics security vulnerability
npm http-cache-semantics is an application from npm USA. It is used to analyze cache controls and other headers to help build correct HTTP caches and proxies. A security vulnerability exists in versions of http-cache-semantics prior to 4.1.1, which stems from an issue that can be exploited via...
@2109-t5/server (>=1.0.0 <=1.0.9), @accounter/green-invoice-graphql (>=0.7.2-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8 <=0.7.3-alpha-20250224164805-3a96c9f8d619656e3b6a8c0d26319b937adbafe6) +207 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=4.0.3 <=4.1.0)
http-cache-semantics NPM version =4.0.3, =1.0.0, =0.7.2-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =0.2.3-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =0.2.3-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =1.1.3, =3.0.0, =1.9.19, =1.18.0,...