CVE-2016-5385: httpoxy vulnerability

July 18, 2016 (updated March 4, 2019)

humbug_get_contents is affected by httpoxy, a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to: * Proxy the outgoing HTTP requests made by the web application * Direct the server to open outgoing connections to an address and port of their choosing * Tie up server resources by forcing the vulnerable software to use a malicious proxy

References

github.com/humbug/file_get_contents/pull/23
github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
github.com/humbug/file_get_contents/releases/tag/1.1.2
httpoxy.org/

Code Behaviors & Features

Detect and mitigate CVE-2016-5385 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →