51 matches found
EUVD-2023-1431
Malicious code in bioql PyPI...
EUVD-2022-5171
Malicious code in bioql PyPI...
EUVD-2022-6288
Malicious code in bioql PyPI...
URL Rewrite
zendframework/zend-diactoros is vulnerable to URL Rewrite. The vulnerability is due to marshaling a request URI that includes logic to introspect HTTP request headers specific to a server-side URL rewrite mechanism. The attacker can emulate these headers to request arbitrary content...
Zend-Diactoros URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-FQ4P-86HH-42V9 Zend-Diactoros URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-JMMP-VH96-78RM Zend-Feed URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-Feed URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-CG8W-5JRC-675G Zend-HTTP URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-HTTP URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://docs.laminas.dev/laminas-diactoros/ Autoloader: /usr/share/php/Laminas/Diactoros2/autoload.php 1...
GHSA-XV3H-4844-9H36 HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
CVE-2023-29530
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
Design/Logic Flaw
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530
Laminas Diactoros HTTP message implementations are affected in versions up to 2.25.0 by an issue where a leading/trailing newline in a header key or value can produce an invalid HTTP message, potentially enabling DoS or application errors. Patches are available in 2.18.1, 2.19.1, 2.20.1, 2.21.1, ...
Laminas Project diactoros 输入验证错误漏洞
Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An input validation error vulnerability exists in Laminas Project diactoros. An attacker could exploit this vulnerability to cause a denial of service on the system. The following versions are affected: version...