Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.
7.8AI Score
0.006EPSS
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An ...
6.5CVSS
6.5AI Score
0.001EPSS