4.7

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-fq4p-86hh-42v9

EPSS Score

CWE

CWE-352

Published

6/7/2024

Updated

6/7/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-fq4p-86hh-42v9

GHSA-fq4p-86hh-42v9: Zend-Diactoros URL Rewrite vulnerability

zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content.

(GitHub Advisory)

4.7

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-fq4p-86hh-42v9

EPSS Score

CWE

CWE-352

Published

6/7/2024

Updated

6/7/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
zendframework/zend-diactoros	composer	>= 1.0.0, < 1.8.4	1.8.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from URI marshaling logic that trusted X-Rewrite-Url/X-Original-Url headers. The commit 3a4f44f explicitly removes handling of these headers in marshalUriFromSapi(), and the patch diff shows removal of HTTP_X_REWRITE_URL/HTTP_X_ORIGINAL_URL checks in this function. The CWE-352 mapping indicates this was a trust-of-unvalidated-input issue in request URI determination.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

z*n*-*i**toros (*n*, *y *xt*nsion, *xpr*ssiv*), z*n*-*ttp (*n*, *y *xt*nsion, Z*n* *r*m*work MV* proj**ts), *n* z*n*-**** (sp**i*i**lly, its Pu*Su**u**u* su*-*ompon*nt) **** *ont*in * pot*nti*l URL r*writ* *xploit. In **** **s*, m*rs**lin* * r*qu*st

Reasoning

T** vuln*r**ility st*mm** *rom URI m*rs**lin* lo*i* t**t trust** X-R*writ*-Url/X-Ori*in*l-Url *****rs. T** *ommit ******* *xpli*itly r*mov*s **n*lin* o* t**s* *****rs in m*rs**lUri*romS*pi(), *n* t** p*t** *i** s*ows r*mov*l o* *TTP_X_R*WRIT*_URL/*TT

4.7

Basic Information

Concerned about an active attack path?

GHSA-fq4p-86hh-42v9: Zend-Diactoros URL Rewrite vulnerability

4.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI