Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04djV4LTZ2djUtanY0Z84AA8GL
amphp/http Host Header Injection vulnerability
amphp/http versions before 1.0.1 allows an attacker to supply invalid input in the Host header which may lead to various type of Host header injection attacks.
Permalink: https://github.com/advisories/GHSA-8v5x-6vv5-jv4gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04djV4LTZ2djUtanY0Z84AA8GL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-8v5x-6vv5-jv4g
References:
- https://github.com/amphp/http/pull/4
- https://github.com/amphp/http/commit/16e465fa82555104d1cff98cb8e412295a380214
- https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http/2018-03-15.yaml
- https://github.com/amphp/http/releases/tag/v1.0.1
- https://github.com/advisories/GHSA-8v5x-6vv5-jv4g
Blast Radius: 0.0
Affected Packages
packagist:amphp/http
Dependent packages: 34Dependent repositories: 421
Downloads: 4,522,596 total
Affected Version Ranges: < 1.0.1
Fixed in: 1.0.1
All affected versions: 1.0.0
All unaffected versions: 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 2.0.0, 2.1.0, 2.1.1, 2.1.2