GHSA-8v5x-6vv5-jv4g

Suggest an improvement
Source
https://github.com/advisories/GHSA-8v5x-6vv5-jv4g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-8v5x-6vv5-jv4g/GHSA-8v5x-6vv5-jv4g.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8v5x-6vv5-jv4g
Published
2024-05-15T17:52:41Z
Modified
2024-11-29T05:32:49.667467Z
Summary
amphp/http Host Header Injection vulnerability
Details

amphp/http versions before 1.0.1 allows an attacker to supply invalid input in the Host header which may lead to various type of Host header injection attacks.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T17:52:41Z"
}
References

Affected packages

Packagist / amphp/http

Package

Name
amphp/http
Purl
pkg:composer/amphp/http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1

Affected versions

v1.*

v1.0.0