漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Vulnerability Description
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Laminas Project diactoros 输入验证错误漏洞
Vulnerability Description
Laminas Project diactoros是Laminas Project的PSR HTTP 消息实现。 Laminas Project diactoros存在输入验证错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下版本受到影响:2.18.0版本及之前版本、2.19.0版本、2.20.0版本、2.21.0版本、2.22.0版本、2.23.0版本、2.24.0版本、2.25.0版本。
CVSS Information
N/A
Vulnerability Type
N/A