react/http Security Advisories for v0.8.7 (2)
-
[MEDIUM] ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits
PKSA-wsbn-q9bd-w7z2 CVE-2023-26044 GHSA-95x4-j7vc-h8mf
Affected version: >=0.8.0,<1.9.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
PKSA-kwfb-dvpm-qtpb CVE-2022-36032 GHSA-w3w9-vrf5-8mx8
Affected version: >=0.7.0,<1.7.0
Reported by:
GitHub, FriendsOfPHP/security-advisories