react/http

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting react/httppage 1 of 1

CVE-2022-36032MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.7.0
2022-09-06
vulnerable: v0.7.0 ... v1.6.0 (20 versions)
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names…
CVE-2023-26044MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.9.0
2023-05-17
vulnerable: v0.8.0 ... v1.8.0 (17 versions)
react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HT…

Check whether react/http is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for react/http CVEs against the assets you own.

Start Free Scan →