Packagist (Composer) package
zendframework/zend-diactoros
pkg:composer/zendframework/zend-diactoros
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3257 | Med | 6.1 | >= 1.0.0, < 1.0.4 | 1.0.4 | Aug 25, 2017 | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. |
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.