React Http vulnerabilities
2 known vulnerabilities affecting react/http.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2023-26044 | HIGH | CVSS 7.5 | ≥ 0.8.0, < 1.9.0 | 2023-05-17
CVE-2023-26044 [HIGH] CWE-400 ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
### Summary
Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default config
Sources: GHSA, OSV
CVE-2022-36032 | MEDIUM | CVSS 5.3 | ≥ 0.7.0, < 1.7.0 | 2022-09-16
CVE-2022-36032 [MEDIUM] CWE-20 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
### Impact
In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with co
Sources: GHSA, OSV