In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Link | Tags |
---|---|
https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g | vendor advisory exploit |
https://security.netapp.com/advisory/ntap-20250523-0008/ |