Description
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | =7.4.21-1+deb11u1 || =7.4.25-1+deb11u1 || =7.4.26-1 || =7.4.28-1+deb11u1 || =7.4.30-1+deb11u1 || =7.4.33-1+deb11u1 || =7.4.33-1+deb11u3 || =7.4.33-1+deb11u4 || =7.4.33-1+deb11u5 || =7.4.33-1+deb11u6 || =7.4.33-1+deb11u7 || >=0 <7.4.33-1+deb11u8 | 7.4.33-1+deb11u8 |
debian 12 | | =8.2.10-1 || =8.2.10-2 || =8.2.12-1 || =8.2.16-1 || =8.2.16-2 || =8.2.17-1 || =8.2.18-1 || =8.2.18-1~deb12u1 || =8.2.20-1~deb12u1 || =8.2.20-2 || =8.2.20-3 || =8.2.21-1 || =8.2.23-1 || =8.2.24-1 || =8.2.24-1~deb12u1 || =8.2.26-1~deb12u1 || =8.2.26-4 || =8.2.27-1 || =8.2.5-2 || =8.2.7-1 || =8.2.7-1.1 || =8.2.7-1.2 || =8.2.7-1~deb12u1 || >=0 <8.2.28-1~deb12u1 | 8.2.28-1~deb12u1 |
debian 13 | | | 8.4.5-1 |
debian 14 | | | 8.4.5-1 |
 rpm rhel10 | | | 0:8.3.19-1.el10_0 |
rpm rhel9 | | | 0:8.0.30-3.el9_6 |
rpm rhel6 | | - | - |
rpm rhel7 | | - | - |
rpm rhel8 | | <0:7.4.33-3.module+el8.10.0+23902+d3c8dd8f | 0:7.4.33-3.module+el8.10.0+23902+d3c8dd8f |
