PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 866
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
GHSA-rwp7-7vc6-8477
Reference counting in php_request_shutdown causes Use-After-Free
GHSA-wg4p-4hqh-c3g9
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART used
GHSA-p3x9-6h7p-cgfc
libxml streams use wrong `content-type` header when requesting a redirected resource
GHSA-hgf5-96fm-v528
Stream HTTP wrapper header check might omit basic auth header
GHSA-52jp-hrpf-2jff
Stream HTTP wrapper truncate redirect location to 1024 bytes
GHSA-pcmh-g36c-qc44
Streams HTTP wrapper does not fail for headers with invalid name and no colon
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2025-1217 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. | CVSS3: 3.1 | 0% Низкий | 6 месяцев назад |
| CVE-2025-1217 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ... | CVSS3: 3.1 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-1217 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. | CVSS3: 3.1 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-1217 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. | CVSS3: 3.7 | 0% Низкий | 6 месяцев назад |
| GHSA-rwp7-7vc6-8477 Reference counting in php_request_shutdown causes Use-After-Free | 0% Низкий | 6 месяцев назад | |
| GHSA-wg4p-4hqh-c3g9 Possible out of bounds read when XML_OPTION_SKIP_TAGSTART used | 6 месяцев назад | ||
| GHSA-p3x9-6h7p-cgfc libxml streams use wrong `content-type` header when requesting a redirected resource | 0% Низкий | 6 месяцев назад | |
| GHSA-hgf5-96fm-v528 Stream HTTP wrapper header check might omit basic auth header | 0% Низкий | 6 месяцев назад | |
| GHSA-52jp-hrpf-2jff Stream HTTP wrapper truncate redirect location to 1024 bytes | 0% Низкий | 6 месяцев назад | |
| GHSA-pcmh-g36c-qc44 Streams HTTP wrapper does not fail for headers with invalid name and no colon | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу