Описание
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | needs-triage | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | not-affected | 7.4.3-4ubuntu2.29 |
| focal | released | 7.4.3-4ubuntu2.29 |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 8.1.2-1ubuntu2.21 |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | released | 8.3.6-0ubuntu0.24.04.4 |
| oracular | released | 8.3.11-0ubuntu0.24.10.5 |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 8.4.5-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | released | 8.4.5-1 |
| upstream | needs-triage |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
libxml streams use wrong `content-type` header when requesting a redirected resource
EPSS
5.3 Medium
CVSS3