Joas Schilling

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* through 8.0.29 PHP versions 8.1.* through 8.1.21 PHP versions 8.2.* through 8.2.7 **Description** The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be changed by other modules, such as ImageMagick, within the same process, potentially leading to the disclosure of local files accessible to PHP. The vulnerable state may persist across many requests until the process is shut down. **Recommendations** For PHP versions 8.0.* through 8.0.29, update to version 8.0.30 or later. For PHP versions 8.1.* through 8.1.21, update to version 8.1.22 or later. For PHP versions 8.2.* through 8.2.7, update to version 8.2.8 or later.