zend-diactoros Cross-site Scripting (XSS)
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 23, 2024
Package
Affected versions
>= 1.0.0, < 1.0.4
Patched versions
1.0.4
Description
Published by the National Vulnerability Database
Aug 25, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Apr 23, 2024
Last updated
Apr 23, 2024
Zend/Diactoros/Uri::filterPathin zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.References