Tiptap Php
Persistent denial of service in the Tiptap for PHP library before 2.1.1 lets authenticated users crash the server-side rendering pipeline by submitting Tiptap JSON whose attrs.href is an array rather than a string. The malformed value reaches preg_match() inside Link::isAllowedUri() and triggers an unhandled TypeError; because the bad record is stored, every later attempt to render that content fails for all viewers until the database row is manually fixed. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
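A check for the condition described above, as an added example (not code from Tiptap for PHP or from the advisory): it walks decoded Tiptap JSON and reports every link mark whose attrs.href is present but not a string, which is broader than the array case the description names. The function name, the mark name `link` and the sample document are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Tiptap for PHP): walk a decoded Tiptap
// document and return the path of every link mark whose attrs.href is
// present but not a string.
function findNonStringHrefs(array $node, string $path = '$'): array
{
    $hits = [];
    $marks = is_array($node['marks'] ?? null) ? $node['marks'] : [];
    foreach ($marks as $i => $mark) {
        // Assumption: the Link extension is registered under the mark name "link".
        if (!is_array($mark) || ($mark['type'] ?? null) !== 'link') {
            continue;
        }
        $attrs = $mark['attrs'] ?? null;
        if (is_array($attrs) && array_key_exists('href', $attrs) && !is_string($attrs['href'])) {
            $hits[] = sprintf('%s.marks[%s].attrs.href is %s', $path, $i, get_debug_type($attrs['href']));
        }
    }
    $children = is_array($node['content'] ?? null) ? $node['content'] : [];
    foreach ($children as $i => $child) {
        if (is_array($child)) {
            $hits = array_merge($hits, findNonStringHrefs($child, "{$path}.content[{$i}]"));
        }
    }
    return $hits;
}

// Constructed sample document: the first link is well formed, the second
// carries an array where a string is expected.
$stored = <<<'JSON'
{"type":"doc","content":[{"type":"paragraph","content":[
  {"type":"text","text":"ok","marks":[{"type":"link","attrs":{"href":"https://example.com"}}]},
  {"type":"text","text":"bad","marks":[{"type":"link","attrs":{"href":["https://example.com"]}}]}
]}]}
JSON;

$doc = json_decode($stored, true, 512, JSON_THROW_ON_ERROR);
$hits = findNonStringHrefs($doc);
foreach ($hits as $hit) {
    echo $hit, PHP_EOL;
}
exit($hits === [] ? 0 : 1);
```

The same function can reject a submission before it is stored, or be run over existing rows to locate records that need the manual fix on installations still below 2.1.1.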