CPE Details
Getlaminas laminas-diactoros 2.17.0
2.17.0
2023-05-02
12h07 +00:00
12h07 +00:00
2023-05-03
17h03 +00:00
17h03 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:getlaminas:laminas-diactoros:2.17.0:*:*:*:*:*:*:*
Informations
Vendor
getlaminasProduct
laminas-diactorosVersion
2.17.0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`. | 7.5 |
High |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.