Name of the Vulnerable Software and Affected Versions: zend-diactoros (affected versions not specified) zend-http (affected versions not specified) zend-feed (affected versions not specified)

Description: The issue concerns a potential URL rewrite exploit in the mentioned software components. It involves logic that introspects HTTP request headers specific to a given server-side URL rewrite mechanism. When these headers are present on systems not running the specific URL rewriting mechanism, the logic triggers, allowing a malicious client or proxy to emulate the headers and request arbitrary content.

Recommendations: For zend-diactoros, consider restricting access to sensitive content until a fix is available. For zend-http, avoid using the URL rewriting mechanism in insecure environments to minimize the risk of exploitation. For zend-feed, specifically its PubSubHubbub sub-component, restrict access to the sub-component until a patch is available. As a temporary workaround, consider disabling the URL rewriting logic in each component until a fix is provided.