Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS) vulnerability in mikecao/flight
Vulnerability Description
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application needs it. An attacker can exploit this by sending requests with large payloads, causing excessive memory consumption and potentially exhausting available server memory, leading to application crashes or service unavailability. The vulnerability was fixed in v1.2 by implementing lazy loading of request bodies.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Flight 安全漏洞
Vulnerability Description
Flight是Mike Cao个人开发者的一个PHP微框架。 Flight v1.2之前版本存在安全漏洞,该漏洞源于Request类构造函数中请求体急切加载,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A