In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...

Stream HTTP wrapper header check might omit basic auth header

Уязвимость функции check_has_header() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

ELSA-2025-7431: php security update (MODERATE)

Security update for php7

Security update for php7

Security update for php8

Security update for php8

ELSA-2025-7489: php security update (IMPORTANT)

ELSA-2025-7418: php:8.3 security update (IMPORTANT)

ELSA-2025-7432: php:8.2 security update (MODERATE)

ELSA-2025-4263: php:8.1 security update (MODERATE)

Множественные уязвимости php 8.3

Множественные уязвимости php 8.2

Множественные уязвимости php 8.1