Veracode Vulnerability DatabaseVERACODE:40379Improper Input Validation
0.001 Low
EPSS
Percentile
30.9%
laminas/laminas-diactoros is vulnerable to Improper input Validation. The vulnerability exists because single new line characters are used between header keys or values allowing an attacker to create invalid messages, which can cause different application errors due to the syntactically incorrect headers, or they can cause Denial of Service if a firewall is put in place to block malicious requests on the network.
References
github.com/advisories/GHSA-wxmh-65f7-jcvw
github.com/laminas/laminas-diactoros/commit/238a44a208dc3e2d5d3478b6c7ad13e866d26253
github.com/laminas/laminas-diactoros/commit/2bc0d0bc2d15a3182d7853f761b6b7d2754821fe
github.com/laminas/laminas-diactoros/commit/4c4b0652275017603c5a64f02620b3c09c2976e7
github.com/laminas/laminas-diactoros/commit/61577ffc96ae313c5a98089ec1c2e0eb8ae9c64b
github.com/laminas/laminas-diactoros/commit/61aa7eaa0e8169688779d92a63a8a80ceb16a8c9
github.com/laminas/laminas-diactoros/commit/70ccc2ac176ce358d1722bb0769c17d65dc72819
github.com/laminas/laminas-diactoros/commit/a7f26f822c03456a443a395f26c999dfcc3087c2
github.com/laminas/laminas-diactoros/commit/f0568f654d0a1a6aaedc886542b4cafa2abf4ada
github.com/laminas/laminas-diactoros/commit/fdd691f07f32cd5bdf958178a04cece6ba4681ed
github.com/laminas/laminas-diactoros/security/advisories/GHSA-xv3h-4844-9h36
lists.fedoraproject.org/archives/list/[email protected]/message/BPW54QK7ISDALPLP2CKODU4ZIVRYS336/
Related
