Name of the Vulnerable Software and Affected Versions: zend-diactoros (affected versions not specified) zend-http (affected versions not specified) zend-feed (affected versions not specified)

Description: The issue concerns a potential URL rewrite exploit in the mentioned software components. It allows a malicious client or proxy to request arbitrary content by emulating specific HTTP request headers related to server-side URL rewrite mechanisms, even when these mechanisms are not in use.

Recommendations: For zend-diactoros, consider restricting access to sensitive content until a fix is available. For zend-http, avoid using the logic that introspects HTTP request headers for URL rewriting until the issue is resolved. For zend-feed, specifically its PubSubHubbub sub-component, restrict the marshaling of request URIs that include logic for URL rewrite mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.