[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2024-0132":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":47,"epss":9,"epss_history":48,"metrics":49,"affected":50},"MGASA-2024-0132","Updated php packages fix security vulnerabilities\n\nCore:\n- Corrupted memory in destructor with weak references\n- GC does not scale well with a lot of objects created in destructor\nDOM:\n- Add some missing ZPP checks.\n- Fix potential memory leak in XPath evaluation results.\nFPM:\n- Fix incorrect check in fpm_shm_free().\nGettext:\n- Fixed sigabrt raised with dcgettext/dcngettext calls with gettext\n0.22.5 with category set to LC_ALL.\nMySQLnd:\n- Fixed handshake response [mysqlnd]\n- Fix incorrect charset length in check_mb_eucjpms().\nOpcache:\n- JITed QM_ASSIGN may be optimized out when op1 is null\n- Segmentation fault for enabled observers when calling trait method of\ninternal trait when opcache is loaded\nPDO:\n- Fix various PDORow bugs.\nRandom:\n- Pre-PHP 8.2 compatibility for mt_srand with unknown modes\n- Global Mt19937 is not properly reset in-between requests when\nMT_RAND_PHP is used\nSession:\n- Segfault with session_decode and compilation error\nSockets:\n- socket_getsockname returns random characters in the end of the socket\nname\nSPL:\n- Unable to resize SplfixedArray after being unserialized in PHP 8.2.15\n- Unexpected null pointer in zend_string.h\nStandard:\n- Added validation of `\\n` in $additional_headers of mail()\n- Command injection via array-ish $command parameter of proc_open).\n(CVE-2024-1874)\nFixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to\npartial CVE-2022-31629 fix). (CVE-2024-2756)\n- password_verify can erroneously return true, opening ATO risk.\n(CVE-2024-3096)\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2024-1874",{"_key":17},"CVE-2024-2756",{"_key":19},"CVE-2024-3096",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2024-04-13T16:56:38Z","2026-04-16T04:43:28.435357797Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2024-0132.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=33093",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://www.php.net/ChangeLog-8.php#8.2.18",[34],[41,46],"WEB",[],[],[],[51],{"ecosystem":52,"name":53,"vendor":54,"product":53,"cpe_part":9,"purl_type":55,"purl_namespace":54,"purl_name":53,"source":9,"versions":56},"Mageia","php","mageia","rpm",[57],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},"lt8_2_18_1_mga9",true,"ecosystem","8.2.18-1.mga9","excluding"]