漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Configuring a proxy in a stream context might allow for CRLF injection in URIs
Vulnerability Description
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP是PHP的一种在服务器端执行的脚本语言。 PHP存在安全漏洞,该漏洞源于URI未得到正确清理。以下版本受到影响:8.1.*版本至8.1.31之前版本、8.2.*版本至8.2.26之前版本和8.3.*版本至8.3.14之前版本。
CVSS Information
N/A
Vulnerability Type
N/A