DEBIAN-CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

Design/Logic Flaw

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

UBUNTU-CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wi...

CVE-2022-31090

CVE-2022-31090 affects Guzzle (PHP HTTP client): when using the Curl handler, a request following a redirect to a different origin can keep the CURLOPT_HTTPAUTH-injected Authorization header, enabling potential exposure of sensitive credentials. Root cause: the Authorization header is not cleared...

GHSA-25MQ-V84Q-4J7R CURLOPT_HTTPAUTH option not cleared on change of origin

Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...

PT-2022-20518 · Guzzle · Guzzle

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.8 Guzzle versions prior to 7.4.5 Description: Guzzle, an extensible PHP HTTP client, has a sensitive information leak issue. When using the Curl handler, the CURLOPT HTTPAUTH option can specify an Authorization...

CURLOPT_HTTPAUTH option not cleared on change of origin

Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...