2 matches found
CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...
CVE-2022-31109
CVE-2022-31109 affects laminas-diactoros (PSR-7/PSR-17 implementation). The issue arises when X-Forwarded-* headers can influence Laminas\Diactoros\Uri in the ServerRequest, potentially altering host/protocol/port and enabling XSS or URL poisoning if a linked URL uses the modified value. Mitigati...