Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade, this depency is out of date and it can leat to still authorization header.
(https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
Introduced through: guzzlehttp/[email protected], aws/[email protected], php-http/[email protected], php-opencloud/[email protected], microsoft/[email protected]
From: guzzlehttp/[email protected]
From: aws/[email protected] > guzzlehttp/[email protected]
From: php-http/[email protected] > guzzlehttp/[email protected]
##Fix:
You can update to 7.4.4, 6.5.7 to fix this information exposure.
Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade.