CVE-2014-125127 (CNNVD-202509-358)
中文标题:
Flight 安全漏洞
英文标题:
Denial of Service (DoS) vulnerability in mikecao/flight
漏洞描述
中文描述:
Flight是Mike Cao个人开发者的一个PHP微框架。 Flight v1.2之前版本存在安全漏洞,该漏洞源于Request类构造函数中请求体急切加载,可能导致拒绝服务攻击。
英文描述:
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application needs it. An attacker can exploit this by sending requests with large payloads, causing excessive memory consumption and potentially exhausting available server memory, leading to application crashes or service unavailability. The vulnerability was fixed in v1.2 by implementing lazy loading of request bodies.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| flightphp | core | - | ≤ v1.1.10 | - |
cpe:2.3:a:flightphp:core:*:*:*:*:*:*:*:*
|
| flightphp | flight | * | - | - |
cpe:2.3:a:flightphp:flight:*:*:*:*:*:php:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2014-125127 |
2025-11-11 15:18:43 | 2025-11-11 07:33:44 |
| NVD | nvd_CVE-2014-125127 |
2025-11-11 14:54:39 | 2025-11-11 07:42:29 |
| CNNVD | cnnvd_CNNVD-202509-358 |
2025-11-11 15:12:55 | 2025-11-11 08:00:13 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 2
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202509-358
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']