Reactphp Http vulnerabilities
2 known vulnerabilities affecting reactphp/http.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-26044MEDIUMCVSS 5.3≥ 0.8.0, < 1.9.0v>= 0.8.0, < 1.9.02023-05-17
CVE-2023-26044 [MEDIUM] CWE-400 CVE-2023-26044: react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previo
react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited
cvelistv5nvd
CVE-2022-36032MEDIUMCVSS 5.3≥ 0.7.0, < 1.7.0v>= 0.7.0, < 1.7.02022-09-06
CVE-2022-36032 [MEDIUM] CWE-20 CVE-2022-36032: ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that
cvelistv5nvd