Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.
Archive for October 2nd, 2024
5 results.
Comment
A protocol flaw was fixed in AsyncSSH.
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable
Update to new upstream version (closes rhbz#2237124)
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable