amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders
does not replace the entire set of headers, but only operates on the headers matching the given array keys.
CPE | Name | Operator | Version |
---|---|---|---|
amphp/http-client | lt | 4.4.0 |