swoole / swoole-src

🚀 Coroutine-based concurrency library for PHP
https://www.swoole.com
Apache License 2.0
18.64k stars 3.17k forks

nghttp2 v1.2.1 CVE-2015-8659 CVE-2020-11080 CVE-2023-35945 CVE-2016-1544 CVE-2023-44487 #5667

Closed info2soft closed 2 months ago

info2soft commented 3 months ago
| nghttp2 | v1.2.1 | CVE-2015-8659 | 3.0 | 10.0 |
| -- | -- | -- | -- | -- |
| nghttp2 | v1.2.1 | CVE-2020-11080 | 3.0 | 7.5 |
| nghttp2 | v1.2.1 | CVE-2023-35945 | 3.0 | 7.5 |
| nghttp2 | v1.2.1 | CVE-2016-1544 | 3.0 | 3.3 |
| nghttp2 | v1.2.1 | CVE-2023-44487 | 3.0 | 7.5 |

The built-in versions are too low (4.8.x and 5.x were both updated 4 years ago), need to be upgraded.

NathanFreeman commented 3 months ago

I will handle this issue as soon as possible

matyhtf commented 2 months ago

https://github.com/swoole/swoole-src/commit/f0cf643093c97e664f7278ac07aabffeff208a24