{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110487?format=json","vulnerability_id":"VCID-fr6v-6ctc-13aj","summary":"Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack\n### Impact\n\nApplications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\\Diactoros\\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-*` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning.\n\n### Patches\n\nAny version after 2.11.0.\n\nStarting in laminas/laminas-diactoros 2.11.1, we have added `Laminas\\Diactoros\\ServerRequestFilter\\FilterServerRequestInterface`, which defines the single method `__invoke(Psr\\Http\\Message\\ServerRequestInterface $request): Psr\\Http\\Message\\ServerRequestInterface`. Filters implementing this interface allow modifying and returning a generated `ServerRequest`.\n\nThe primary use case of the interface is to allow modifying the generated URI based on the presence of headers such as `X-Forwarded-Host`. When operating behind a reverse proxy, the `Host` header is often rewritten to the name of the node to which the request is being forwarded, and an `X-Forwarded-Host` header is generated with the original `Host` value to allow the server to determine the original host the request was intended for. (We have always examined the `X-Forwarded-Proto` header; as of Diactoros 2.11.1, we also examine the `X-Forwarded-Port` header.) To accommodate this use case, we created Laminas\\Diactoros\\ServerRequestFilter\\FilterUsingXForwardedHeaders.\n\nDue to potential security issues, it is generally best to only accept these headers if you trust the reverse proxy that has initiated the request.\n(This value is found in `$_SERVER['REMOTE_ADDR']`, which is present as `$request->getServerParams()['REMOTE_ADDR']` within PSR-7 implementations.) `FilterUsingXForwardedHeaders` provides named constructors to allow you to trust these headers from any source (which has been the default behavior of Diactoros since the beginning), or to specify specific IP addresses or CIDR subnets to trust, along with which headers are trusted.\n\n`Laminas\\Diactoros\\ServerRequestFactory::fromGlobals()` was updated to accept a `FilterServerRequestInterface` as an additional, optional argument. Since the `X-Forwarded-*` headers do have valid use cases, particularly in clustered environments using a load balancer, to prevent backwards compatibility breaks, if no filter is provided, we generate an instance via `FilterUsingXForwardedHeaders::trustReservedSubnets()`, which generates an instance marked to trust only proxies on private subnets.\n\n### Workarounds\n\nInfrastructure or DevOps can configure web servers to reject `X-Forwarded-*` headers at the web server level.\n\nUsers of laminas/laminas-diactoros can make use of the `Laminas\\Diactoros\\RequestFilter\\RequestFilterInterface` functionality in order to either (a) disable usage of the `X-Forwarded-*` headers entirely, (b) opt-in to it, or (c) opt-in to the usage for configured proxy servers.\n\n### References\n\n- [HTTP Host Header Attacks](https://portswigger.net/web-security/host-header)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [laminas/laminas-diactoros](https://github.com/laminas/laminas-diactoros/)\n- [Email us](mailto:security@getlaminas.org)","aliases":[{"alias":"CVE-2022-31109"},{"alias":"GHSA-8274-h5jp-97vr"},{"alias":"GMS-2022-3226"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149170?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.11.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187916?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187917?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187918?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187919?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187920?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/187921?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/187922?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187923?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187924?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187925?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187926?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/187927?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187928?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187929?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187930?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187931?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187932?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187933?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/187934?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/187935?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/187936?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/187937?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/187938?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/187939?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.10"},{"url":"http://public2.vulnerablecode.io/api/packages/187940?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/187941?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187942?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187943?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187944?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187945?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187946?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187947?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187948?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187949?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.0p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.0p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187950?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.0p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.0p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187951?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187952?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.1p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.1p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187953?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.1p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.1p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187954?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187955?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.2p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.2p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187956?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.2p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.2p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187957?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187958?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.3p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.3p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187959?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.3p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.3p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187960?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187961?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.4p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.4p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187962?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.4p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.4p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187963?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/187964?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.5p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.5p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187965?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.5p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.5p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187966?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/187967?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.6p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.6p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187968?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.6p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.6p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187969?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/187970?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.7p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.7p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187971?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.7p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.7p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187972?format=json","purl":"pkg:composer/laminas/laminas-diactoros@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@1.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/187973?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.0p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.0p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187974?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.0p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.0p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187975?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187976?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.1p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.1p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187977?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.1p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.1p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187978?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187979?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.2p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.2p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187980?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.2p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.2p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187981?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187982?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.3p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.3p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187983?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.3p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.3p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187984?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187985?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.0p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.0p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187986?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.0p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.0p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187987?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187988?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.1p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.1p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187989?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.1p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.1p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187990?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187991?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.2p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.2p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187992?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.2p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.2p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187993?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187994?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.3p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.3p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187995?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.3p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.3p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187996?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187997?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.4p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.4p1"},{"url":"http://public2.vulnerablecode.io/api/packages/187998?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.4p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.4p2"},{"url":"http://public2.vulnerablecode.io/api/packages/187999?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/188000?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.5p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.5p1"},{"url":"http://public2.vulnerablecode.io/api/packages/188001?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.5p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.5p2"},{"url":"http://public2.vulnerablecode.io/api/packages/188002?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/188003?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.0p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.0p1"},{"url":"http://public2.vulnerablecode.io/api/packages/188004?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.0p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.0p2"},{"url":"http://public2.vulnerablecode.io/api/packages/188005?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188006?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.1p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.1p1"},{"url":"http://public2.vulnerablecode.io/api/packages/188007?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.1p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.1p2"},{"url":"http://public2.vulnerablecode.io/api/packages/188008?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/188009?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/188010?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/188011?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188012?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/188013?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/188014?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188015?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/188016?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188017?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/188018?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188019?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188020?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188021?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188022?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/188023?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/188024?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/188025?format=json","purl":"pkg:composer/laminas/laminas-diactoros@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fr6v-6ctc-13aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.11.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31109","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5994","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31109"},{"reference_url":"https://github.com/advisories/GHSA-8274-h5jp-97vr","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8274-h5jp-97vr"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laminas/laminas-diactoros/CVE-2022-31109.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/laminas/laminas-diactoros/CVE-2022-31109.yaml"},{"reference_url":"https://github.com/laminas/laminas-diactoros","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laminas/laminas-diactoros"},{"reference_url":"https://github.com/laminas/laminas-diactoros/commit/25b11d422c2e5dad868f68619888763b30f91e2d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laminas/laminas-diactoros/commit/25b11d422c2e5dad868f68619888763b30f91e2d"},{"reference_url":"https://github.com/laminas/laminas-diactoros/releases/tag/2.11.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laminas/laminas-diactoros/releases/tag/2.11.1"},{"reference_url":"https://github.com/laminas/laminas-diactoros/security/advisories/GHSA-8274-h5jp-97vr","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/laminas/laminas-diactoros/security/advisories/GHSA-8274-h5jp-97vr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31109","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31109"},{"reference_url":"https://portswigger.net/web-security/host-header","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portswigger.net/web-security/host-header"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fr6v-6ctc-13aj"}