In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a medium-severity vulnerability, CVE-2024-11234, was detected. The vulnerability allows attackers to perform HTTP request smuggling because the URI is not properly sanitized when streams are used with a proxy and the “request_fulluri” option. This could allow attackers to send arbitrary requests from the server, potentially accessing restricted resources. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11234.
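A defensive wrapper for the configuration described above, as an added example that is not code from the advisory or from the PHP project: it checks whether the running PHP version falls in the affected ranges and rejects URLs containing control characters before they reach a proxy stream context with `request_fulluri`. The function names, the `example.test` URLs and the choice of CR, LF and other control bytes as the characters to reject are assumptions.

```php
<?php
// Patched releases named in the advisory, keyed by branch.
const FIXED = ['8.1' => '8.1.31', '8.2' => '8.2.26', '8.3' => '8.3.14'];

/** True when $version falls in one of the affected ranges listed above. */
function isAffected(string $version): bool
{
    foreach (FIXED as $branch => $fixed) {
        if (str_starts_with($version, $branch . '.')) {
            return version_compare($version, $fixed, '<');
        }
    }
    return false; // branch not listed in the advisory
}

/** Reject URLs carrying control bytes or whitespace before the stream wrapper sees them. */
function assertSafeProxyUrl(string $url): string
{
    // Assumption: CR, LF and other control bytes must never reach the request line.
    if (preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        throw new InvalidArgumentException('control character or whitespace in URL');
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(is_string($scheme) ? strtolower($scheme) : '', ['http', 'https'], true)) {
        throw new InvalidArgumentException('only http/https URLs are allowed');
    }
    return $url;
}

/** Fetch through a proxy with request_fulluri, validating the URL first (not called below). */
function fetchViaProxy(string $url, string $proxy): string|false
{
    $ctx = stream_context_create(['http' => [
        'proxy' => $proxy,
        'request_fulluri' => true,
    ]]);
    return file_get_contents(assertSafeProxyUrl($url), false, $ctx);
}

// Constructed sample inputs; these checks need no network access.
var_dump(isAffected(PHP_VERSION));
foreach (["http://example.test/a?b=1", "http://example.test/a\r\nb"] as $u) {
    try {
        assertSafeProxyUrl($u);
        echo "ok: ", json_encode($u), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", json_encode($u), " (", $e->getMessage(), ")\n";
    }
}
```

The validation matters most where the URL passed to the stream function is built from user-controlled input; it complements upgrading and does not replace it.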
PHP: HTTP Request Smuggling Vulnerability in Proxy Configurations
by the Hossted team
26.11.2024