
23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 15 views

EUVD-2022-6288

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.3 · EPSS 0.00594
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-1431

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.7 · EPSS 0.00965
Exploits: 0 · References: 7

Fedora
added 2023/04/28 2:37 a.m. · 57 views

[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38

A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://docs.laminas.dev/laminas-diactoros/ Autoloader: /usr/share/php/Laminas/Diactoros2/autoload.php 1...

CVSS 7.5 · AI score 6.5 · EPSS 0.00965
Exploits: 0

OSV
added 2023/04/24 10:42 p.m. · 49 views

GHSA-XV3H-4844-9H36 HTTP Multiline Header Termination

Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...

CVSS 7.5 · AI score 6.2 · EPSS 0.00965
Exploits: 0 · References: 6

GitHub Security Blog
added 2023/04/24 10:42 p.m. · 47 views

HTTP Multiline Header Termination

Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...

CVSS 7.5 · AI score 6 · EPSS 0.00965
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2023/04/24 8:15 p.m. · 36 views

CVE-2023-29530

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 7.5 · AI score 7.2 · EPSS 0.00965
Exploits: 0 · References: 3

Prion
added 2023/04/24 8:15 p.m. · 30 views

Design/Logic Flaw

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 4 · AI score 6.2 · EPSS 0.00965
Exploits: 0 · References: 3 · Affected Software: 3

Vulnrichment
added 2023/04/24 7:34 p.m. · 5 views

CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 7.5 · AI score 7.2 · EPSS 0.00965
Exploits: 0 · References: 3

Cvelist
added 2023/04/24 7:34 p.m. · 36 views

CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 7.5 · AI score 7.4 · EPSS 0.00965
Exploits: 0 · References: 3

OSV
added 2023/04/24 7:34 p.m. · 31 views

CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 7.5 · AI score 6.4 · EPSS 0.00965
Exploits: 0 · References: 5

CVE
added 2023/04/24 7:34 p.m. · 101 views

CVE-2023-29530

Laminas Diactoros HTTP message implementations are affected in versions up to 2.25.0 by an issue where a leading/trailing newline in a header key or value can produce an invalid HTTP message, potentially enabling DoS or application errors. Patches are available in 2.18.1, 2.19.1, 2.20.1, 2.21.1, ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00965
Exploits: 0 · References: 3 · Affected Software: 2

CNNVD
added 2023/04/24 12:0 a.m. · 4 views

Laminas Project diactoros Input Validation Error Vulnerability

Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An input validation error vulnerability exists in Laminas Project diactoros. An attacker could exploit this vulnerability to cause a denial of service on the system. The following versions are affected: version...

CVSS 7.5 · AI score 6.8 · EPSS 0.00965
Exploits: 0 · References: 4

Positive Technologies
added 2023/04/19 12:0 a.m. · 5 views

PT-2023-22303 · Laminas · Laminas Diactoros

Name of the Vulnerable Software and Affected Versions: Laminas Diactoros versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0 Description: The issue is related to improper header parsing, where an attacker could sneak in a newline into both the header names and...

CVSS 7.5 · AI score 6.5 · EPSS 0.01216
Exploits: 0 · References: 21

Laminas
added 2023/04/17 5:0 p.m. · 47 views

HTTP Multiline Header Termination Vulnerability

The package laminas/laminas-diactoros Diactoros is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. Affected versions of Diactoros...

CVSS 7.5 · AI score 6.9 · EPSS 0.00965
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2022/08/01 5:15 p.m. · 23 views

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · EPSS 0.00594
Exploits: 0 · References: 3

Prion
added 2022/08/01 5:15 p.m. · 25 views

Design/Logic Flaw

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 5.8 · AI score 6 · EPSS 0.00594
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2022/08/01 4:15 p.m. · 11 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · AI score 6.8 · EPSS 0.00594
Exploits: 0 · References: 3

Cvelist
added 2022/08/01 4:15 p.m. · 33 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · AI score 6.9 · EPSS 0.00594
Exploits: 0 · References: 3

CVE
added 2022/08/01 4:15 p.m. · 113 views

CVE-2022-31109

CVE-2022-31109 affects laminas-diactoros (PSR-7/PSR-17 implementation). The issue arises when X-Forwarded-* headers can influence Laminas\Diactoros\Uri in the ServerRequest, potentially altering host/protocol/port and enabling XSS or URL poisoning if a linked URL uses the modified value. Mitigati...

CVSS 7.2 · AI score 6.1 · EPSS 0.00594
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/08/01 4:15 p.m. · 14 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · AI score 6.2 · EPSS 0.00594
Exploits: 0 · References: 5