58 matches found
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by destruct method in Zend\Http\Response\Stream, letting attackers control content lead to remote code execution, exploit requires attacker-controlled serialized data. id: CVE-2021-3007...
Exploit for Deserialization of Untrusted Data in Getlaminas Laminas-Http
CVE-2021-3007 Vulnerable Test Environment !Dockerhttps://...
Exploit for Deserialization of Untrusted Data in Getlaminas Laminas-Http
CVE-2021-3007 — Laminas/Zend HTTP Deserialization RCE ==========...
EUVD-2023-1431
Malicious code in bioql PyPI...
EUVD-2022-0630
Malicious code in bioql PyPI...
EUVD-2022-6288
Malicious code in bioql PyPI...
CVE-2021-3007
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...
[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://docs.laminas.dev/laminas-diactoros/ Autoloader: /usr/share/php/Laminas/Diactoros2/autoload.php 1...
Fedora 38 : php-laminas-diactoros2 (2023-8cf8786a16)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8cf8786a16 advisory. Version 2.25.2 This release provides a patch for CVE-2023-29530 / GHSA-xv3h-4844-9h36 / LP2023-01. Tenable has extracted the preceding description block...
GHSA-XV3H-4844-9H36 HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
CVE-2023-29530
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
Design/Logic Flaw
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530
Laminas Diactoros HTTP message implementations are affected in versions up to 2.25.0 by an issue where a leading/trailing newline in a header key or value can produce an invalid HTTP message, potentially enabling DoS or application errors. Patches are available in 2.18.1, 2.19.1, 2.20.1, 2.21.1, ...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
Laminas Project diactoros 输入验证错误漏洞
Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An input validation error vulnerability exists in Laminas Project diactoros. An attacker could exploit this vulnerability to cause a denial of service on the system. The following versions are affected: version...
PT-2023-22303 · Laminas · Laminas Diactoros
Name of the Vulnerable Software and Affected Versions: Laminas Diactoros versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0 Description: The issue is related to improper header parsing, where an attacker could sneak in a newline into both the header names and...
HTTP Multiline Header Termination Vulnerability
The package laminas/laminas-diactoros Diactoros is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. Affected versions of Diactoros...