HackerOne report H1:1604606 by ro0t_elqayser, Jun 16, 2022 - 9:19 p.m.

Nextcloud: Information exposure in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)


EPSS: 0.001 (Low), percentile 48.8%

Summary:

Affected versions of this package are vulnerable to Information Exposure: the client fails to strip the Authorization header on HTTP downgrade. This dependency is out of date, and it can lead to stealing the Authorization header.

Steps To Reproduce:

(https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
Introduced through: guzzlehttp/[email protected], aws/[email protected], php-http/[email protected], php-opencloud/[email protected], microsoft/[email protected]
From: guzzlehttp/[email protected]
From: aws/[email protected] > guzzlehttp/[email protected]
From: php-http/[email protected] > guzzlehttp/[email protected]

Fix:
You can update to 7.4.4 or 6.5.7 to fix this information exposure.

Impact

Affected versions of this package are vulnerable to Information Exposure: the client fails to strip the Authorization header on HTTP downgrade.
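The failure mode described in this report is a redirect-following client that keeps sending the Authorization header after a Location pointing from https:// to http://. The following is an added illustration, not Guzzle's code and not part of the original report: a small Python model of the safe redirect policy (drop credential-bearing headers when the redirect downgrades to plain HTTP), generalized to also drop them when the redirect changes host and to cover the Cookie header as well. The URLs and redirect chain are constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials. They must not survive a redirect across a
# trust boundary: an HTTPS -> HTTP downgrade or a change of host.
SENSITIVE_HEADERS = ("authorization", "cookie")

# Redirect statuses a client follows.
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def is_downgrade(from_url: str, to_url: str) -> bool:
    """True when the redirect moves from https to plain http."""
    return (urlsplit(from_url).scheme.lower() == "https"
            and urlsplit(to_url).scheme.lower() == "http")


def host_changed(from_url: str, to_url: str) -> bool:
    """True when the redirect target is on a different host (compared case-insensitively)."""
    return urlsplit(from_url).hostname != urlsplit(to_url).hostname


def redirect_headers(from_url: str, to_url: str, headers: dict) -> dict:
    """Return the headers to send on the redirected request.

    Credential headers are stripped on downgrade or host change; everything
    else is forwarded unchanged. A vulnerable client would return headers as-is.
    """
    if is_downgrade(from_url, to_url) or host_changed(from_url, to_url):
        return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return dict(headers)


# Constructed redirect chain standing in for server responses (hypothetical hosts):
# url -> (status, Location). The second hop downgrades to http.
RESPONSES = {
    "https://api.example.test/v1/data": (302, "/v1/data2"),
    "https://api.example.test/v1/data2": (302, "http://api.example.test/v1/data3"),
    "http://api.example.test/v1/data3": (200, None),
}


def follow(url: str, headers: dict, max_redirects: int = 5) -> list:
    """Simulate a redirect-following client.

    Returns the list of (url, headers) pairs as they would have been sent, so the
    caller can check which hop still carried credentials.
    """
    sent = []
    for _ in range(max_redirects + 1):
        sent.append((url, dict(headers)))
        status, location = RESPONSES[url]
        if status not in REDIRECT_STATUSES or location is None:
            return sent
        target = urljoin(url, location)  # resolve relative Location values
        headers = redirect_headers(url, target, headers)
        url = target
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    hops = follow("https://api.example.test/v1/data",
                  {"Authorization": "Bearer PLACEHOLDER-TOKEN", "Accept": "application/json"})
    for hop_url, hop_headers in hops:
        print(hop_url, "Authorization" in hop_headers)
```

The same-host HTTPS hop keeps the header; the hop to http:// is sent with only Accept. Checking what each hop actually carried, as `follow` does, is the kind of assertion worth adding to an application's test suite when a vendored HTTP client is updated.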
