|
1 | 1 | { |
2 | | - "lastUpdatedDate": "2025-07-03T02:53:58+0000", |
| 2 | + "lastUpdatedDate": "2025-07-03T13:38:40+0000", |
3 | 3 | "name": "PHP Version Audit", |
4 | 4 | "website": "https://github.com/lightswitch05/php-version-audit", |
5 | 5 | "licence": "https://github.com/lightswitch05/php-version-audit/blob/master/LICENSE", |
6 | 6 | "source": "https://www.github.developerdan.com/php-version-audit/rules-v1.json", |
7 | | - "releasesCount": 525, |
| 7 | + "releasesCount": 527, |
8 | 8 | "cveCount": 104, |
9 | 9 | "supportVersionsCount": 23, |
10 | | - "latestVersion": "8.4.8", |
| 10 | + "latestVersion": "8.4.10", |
11 | 11 | "latestVersions": { |
12 | 12 | "4": "4.4.9", |
13 | 13 | "4.0": "4.0.6", |
|
29 | 29 | "7.2": "7.2.34", |
30 | 30 | "7.3": "7.3.33", |
31 | 31 | "7.4": "7.4.33", |
32 | | - "8": "8.4.8", |
| 32 | + "8": "8.4.10", |
33 | 33 | "8.0": "8.0.30", |
34 | 34 | "8.1": "8.1.32", |
35 | | - "8.2": "8.2.28", |
| 35 | + "8.2": "8.2.29", |
36 | 36 | "8.3": "8.3.22", |
37 | | - "8.4": "8.4.8" |
| 37 | + "8.4": "8.4.10" |
38 | 38 | }, |
39 | 39 | "supportEndDates": { |
40 | 40 | "3.0": { |
|
3305 | 3305 | "CVE-2025-1861" |
3306 | 3306 | ] |
3307 | 3307 | }, |
| 3308 | + "8.2.29": { |
| 3309 | + "releaseDate": "2025-07-03T00:00:00+0000", |
| 3310 | + "patchedCves": [ |
| 3311 | + "CVE-2025-1220", |
| 3312 | + "CVE-2025-1735", |
| 3313 | + "CVE-2025-6491" |
| 3314 | + ] |
| 3315 | + }, |
3308 | 3316 | "8.3.0": { |
3309 | 3317 | "releaseDate": "2023-11-23T00:00:00+0000", |
3310 | 3318 | "patchedCves": [] |
|
3458 | 3466 | "8.4.8": { |
3459 | 3467 | "releaseDate": "2025-06-05T00:00:00+0000", |
3460 | 3468 | "patchedCves": [] |
| 3469 | + }, |
| 3470 | + "8.4.10": { |
| 3471 | + "releaseDate": "2025-07-03T00:00:00+0000", |
| 3472 | + "patchedCves": [ |
| 3473 | + "CVE-2025-1220", |
| 3474 | + "CVE-2025-1735", |
| 3475 | + "CVE-2025-6491" |
| 3476 | + ] |
3461 | 3477 | } |
3462 | 3478 | }, |
3463 | 3479 | "cves": { |
|
3983 | 3999 | "id": "CVE-2022-31631", |
3984 | 4000 | "baseScore": null, |
3985 | 4001 | "publishedDate": "2025-02-12T22:15:00+0000", |
3986 | | - "lastModifiedDate": "2025-02-13T16:15:00+0000", |
| 4002 | + "lastModifiedDate": "2025-07-02T21:35:00+0000", |
3987 | 4003 | "description": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities." |
3988 | 4004 | }, |
3989 | 4005 | "CVE-2022-37454": { |
|
4109 | 4125 | "id": "CVE-2024-8929", |
4110 | 4126 | "baseScore": null, |
4111 | 4127 | "publishedDate": "2024-11-22T07:15:00+0000", |
4112 | | - "lastModifiedDate": "2025-01-10T13:15:00+0000", |
| 4128 | + "lastModifiedDate": "2025-07-02T20:11:00+0000", |
4113 | 4129 | "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server." |
4114 | 4130 | }, |
4115 | 4131 | "CVE-2024-8932": { |
4116 | 4132 | "id": "CVE-2024-8932", |
4117 | 4133 | "baseScore": null, |
4118 | 4134 | "publishedDate": "2024-11-22T06:15:00+0000", |
4119 | | - "lastModifiedDate": "2025-01-10T13:15:00+0000", |
| 4135 | + "lastModifiedDate": "2025-07-02T20:08:00+0000", |
4120 | 4136 | "description": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()\u00a0function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write." |
4121 | 4137 | }, |
4122 | 4138 | "CVE-2024-9026": { |
|
4170 | 4186 | }, |
4171 | 4187 | "CVE-2025-1734": { |
4172 | 4188 | "id": "CVE-2025-1734", |
4173 | | - "baseScore": null, |
| 4189 | + "baseScore": 5.3, |
4174 | 4190 | "publishedDate": "2025-03-30T06:15:00+0000", |
4175 | | - "lastModifiedDate": "2025-05-23T14:15:00+0000", |
| 4191 | + "lastModifiedDate": "2025-07-02T20:13:00+0000", |
4176 | 4192 | "description": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers." |
4177 | 4193 | }, |
4178 | 4194 | "CVE-2025-1736": { |
4179 | 4195 | "id": "CVE-2025-1736", |
4180 | | - "baseScore": null, |
| 4196 | + "baseScore": 7.3, |
4181 | 4197 | "publishedDate": "2025-03-30T06:15:00+0000", |
4182 | | - "lastModifiedDate": "2025-05-23T14:15:00+0000", |
| 4198 | + "lastModifiedDate": "2025-07-02T20:14:00+0000", |
4183 | 4199 | "description": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted." |
4184 | 4200 | }, |
4185 | 4201 | "CVE-2025-1861": { |
4186 | 4202 | "id": "CVE-2025-1861", |
4187 | | - "baseScore": null, |
| 4203 | + "baseScore": 9.8, |
4188 | 4204 | "publishedDate": "2025-03-30T06:15:00+0000", |
4189 | | - "lastModifiedDate": "2025-05-23T14:15:00+0000", |
| 4205 | + "lastModifiedDate": "2025-07-02T20:17:00+0000", |
4190 | 4206 | "description": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location." |
4191 | 4207 | } |
4192 | 4208 | } |
|
0 commit comments