PT-2025-35706 · Mikecao · Mikecao/Flight

Published 2025-09-03 · Updated 2025-09-03 · CVE-2014-125127

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: mikecao/flight versions prior to v1.2
Description: The mikecao/flight PHP framework is susceptible to Denial of Service (DoS) attacks. This is due to the eager loading of request bodies within the Request class constructor. The framework automatically reads the entire request body for every HTTP request, irrespective of application requirements. An attacker can exploit this by sending requests with large payloads, potentially leading to excessive memory consumption, application crashes, or service unavailability. The issue was addressed in version v1.2 by implementing lazy loading of request bodies.
Recommendations: Upgrade to version 1.2 or later to resolve this issue.
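
The eager versus lazy body loading described above, as an added illustration in PHP. This is not the framework's own code: the class names EagerRequest and LazyRequest and the MAX_BODY_BYTES limit are hypothetical, and the size cap goes one step beyond the lazy loading the advisory describes.

```php
<?php
// Hypothetical "before": the body is read in the constructor on every
// request, so the client controls memory use even on routes that ignore it.
final class EagerRequest
{
    public string $body;
    public function __construct(string $source = 'php://input')
    {
        $this->body = (string) file_get_contents($source);
    }
}

// Hypothetical "after": nothing is read until a handler asks, and the read is capped.
final class LazyRequest
{
    public const MAX_BODY_BYTES = 1048576; // assumed limit (1 MiB)
    private ?string $body = null;

    public function __construct(private string $source = 'php://input') {}

    public function getBody(): string
    {
        if ($this->body !== null) {
            return $this->body; // cached after the first read
        }
        $stream = fopen($this->source, 'rb');
        if ($stream === false) {
            throw new RuntimeException('cannot open request body');
        }
        // Read one byte past the limit so an oversize body is detectable.
        $data = stream_get_contents($stream, self::MAX_BODY_BYTES + 1);
        fclose($stream);
        if ($data === false || strlen($data) > self::MAX_BODY_BYTES) {
            throw new LengthException('request body too large');
        }
        return $this->body = $data;
    }
}

// Constructed demo: a temp file stands in for php://input.
$tmp = tempnam(sys_get_temp_dir(), 'body');
file_put_contents($tmp, str_repeat('A', LazyRequest::MAX_BODY_BYTES + 10));
$req = new LazyRequest($tmp); // constructing reads nothing
try {
    $req->getBody();
} catch (LengthException $e) {
    echo $e->getMessage(), PHP_EOL;
}
unlink($tmp);
```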

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers: CVE-2014-125127

Affected Products: Mikecao/Flight