Lucene search
+L

4 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/28 12:0 a.m.24 views

Fedora 38 : php-laminas-diactoros2 (2023-8cf8786a16)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8cf8786a16 advisory. Version 2.25.2 This release provides a patch for CVE-2023-29530 / GHSA-xv3h-4844-9h36 / LP2023-01. Tenable has extracted the preceding description block...

7.5CVSS6.8AI score0.00965EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/24 7:34 p.m.6 views

CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

7.5CVSS7.2AI score0.00965EPSS
Exploits0References3
CVE
CVE
added 2023/04/24 7:34 p.m.101 views

CVE-2023-29530

Laminas Diactoros HTTP message implementations are affected in versions up to 2.25.0 by an issue where a leading/trailing newline in a header key or value can produce an invalid HTTP message, potentially enabling DoS or application errors. Patches are available in 2.18.1, 2.19.1, 2.20.1, 2.21.1, ...

7.5CVSS6.5AI score0.00965EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/04/18 10:20 p.m.55 views

GHSA-Q2QJ-628G-VHFW Insecure header validation in slim/psr7

Impact An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Ps...

6.5CVSS6.1AI score0.00743EPSS
Exploits0References9
Rows per page
Query Builder