Description
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Remediation
References
Related Vulnerabilities
Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.1)
Oracle Application Server Other Vulnerability (CVE-2002-2153)
WordPress Plugin BadgeOS SQL Injection (3.7.0)
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.7.2.8)
WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.32)