Description

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application needs it. An attacker can exploit this by sending requests with large payloads, causing excessive memory consumption and potentially exhausting available server memory, leading to application crashes or service unavailability. The vulnerability was fixed in v1.2 by implementing lazy loading of request bodies.

INFO

Published Date :

2025-09-03T08:35:05.988Z

Last Modified :

2025-09-03T13:20:06.873Z

Source :

Checkmarx
AFFECTED PRODUCTS

The following products are affected by CVE-2014-125127 vulnerability.

Vendors Products
Flight Project
  • Flight
Flightphp
  • Flight
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2014-125127.

URL Resource
https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2014/CVE-2014-125127 cve-icon cve-icon cve-icon
https://github.com/mikecao/flight/commit/da40e03eb4a39745107912dffe926a8fce0d38dc cve-icon cve-icon
https://github.com/mikecao/flight/pull/125 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact