35 matches found
Swoole 注入漏洞
Swoole is a production-oriented PHP asynchronous communication engine from China's Swoole Network Technology Company, which supports event-driven asynchronous programming model, SSL/TLS tunnel encryption and millisecond timing. A security vulnerability exists in Swoole v4.5.2, which originates fr...
CVE-2020-24275
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...
mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack
Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...
GHSA-C8RP-CGF4-937W mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack
Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...
matyhtf 路径遍历漏洞
matyhtf is a PHP framework based on the Swoole extension. A security vulnerability exists in matyhtf that stems from matyhtf framework v3.0.5 being affected by a path manipulation vulnerability in Smarty.class.php...
CVE-2019-15518
Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...
CVE-2019-15518
Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...
Directory traversal
Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...
CVE-2019-15518
CVE-2019-15518 affects Swoole releases prior to 4.2.13. The vulnerability is a directory traversal flaw in the swPort_http_static_handler, enabling an attacker to access files outside the intended web root. CVSS metrics indicate a network-based issue with low attack complexity and no authenticati...
CVE-2019-15518
Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...
Deserialization of untrusted data
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...
CVE-2018-15503
CVE-2018-15503 affects Swoole 4.0.4, where the unpack/deserialization path has insufficient size checks. An attacker can craft a serialized object to trigger a segmentation fault (SEGV) in the vulnerable unpack implementation. The available connected documents corroborate that the vulnerability a...