Lucene search
+L

35 matches found

CNNVD
CNNVD
added 2023/07/20 12:0 a.m.5 views

Swoole 注入漏洞

Swoole is a production-oriented PHP asynchronous communication engine from China's Swoole Network Technology Company, which supports event-driven asynchronous programming model, SSL/TLS tunnel encryption and millisecond timing. A security vulnerability exists in Swoole v4.5.2, which originates fr...

6.5CVSS7.1AI score0.00694EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/07/20 12:0 a.m.12 views

CVE-2020-24275

A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...

7.9AI score0.00694EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/07/29 10:26 p.m.24 views

mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

2.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2022/07/29 10:26 p.m.27 views

GHSA-C8RP-CGF4-937W mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

6.2AI score
Exploits0References2
CNNVD
CNNVD
added 2021/12/03 12:0 a.m.5 views

matyhtf 路径遍历漏洞

matyhtf is a PHP framework based on the Swoole extension. A security vulnerability exists in matyhtf that stems from matyhtf framework v3.0.5 being affected by a path manipulation vulnerability in Smarty.class.php...

9.8CVSS8.2AI score0.01381EPSS
Exploits1References2
NVD
NVD
added 2019/08/23 3:15 p.m.15 views

CVE-2019-15518

Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...

5.3CVSS5.3AI score0.02019EPSS
Exploits0References2
OSV
OSV
added 2019/08/23 3:15 p.m.11 views

CVE-2019-15518

Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...

5.3CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2019/08/23 3:15 p.m.12 views

Directory traversal

Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...

5CVSS5.3AI score0.02019EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/23 2:51 p.m.78 views

CVE-2019-15518

CVE-2019-15518 affects Swoole releases prior to 4.2.13. The vulnerability is a directory traversal flaw in the swPort_http_static_handler, enabling an attacker to access files outside the intended web root. CVSS metrics indicate a network-based issue with low attack complexity and no authenticati...

5.3CVSS5.3AI score0.02019EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/23 2:51 p.m.23 views

CVE-2019-15518

Swoole before 4.2.13 allows directory traversal in swPorthttpstatichandler...

5.4AI score0.02019EPSS
Exploits0References2
NVD
NVD
added 2018/08/18 2:29 a.m.15 views

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

7.5CVSS7.5AI score0.02272EPSS
Exploits0References3
OSV
OSV
added 2018/08/18 2:29 a.m.16 views

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

7.5CVSS6.7AI score0.02272EPSS
Exploits0References3
Prion
Prion
added 2018/08/18 2:29 a.m.15 views

Deserialization of untrusted data

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

5CVSS7.4AI score0.02272EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/08/18 2:0 a.m.26 views

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

7.5AI score0.02272EPSS
Exploits0References3
CVE
CVE
added 2018/08/18 2:0 a.m.43 views

CVE-2018-15503

CVE-2018-15503 affects Swoole 4.0.4, where the unpack/deserialization path has insufficient size checks. An attacker can craft a serialized object to trigger a segmentation fault (SEGV) in the vulnerable unpack implementation. The available connected documents corroborate that the vulnerability a...

7.5CVSS7.4AI score0.02272EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder