13 matches found

CVE
added 2026/06/23 3:7 p.m., 12 views

CVE-2026-55766

Summary (CVE-2026-55766): guzzlehttp/psr7 (PHP) before 2.12.1 is vulnerable to CRLF injection in the HTTP start-line fields (method, protocol version, reason phrase) when attacker-controlled data ends up in those fields and the message is serialized or forwarded. The flaw requires the malformed m...

CVSS 4.8, AI score 5.8, EPSS 0.00158
Exploits 0, References 1, Affected Software 1
OSV
added 2026/06/19 2:17 p.m., 4 views

GHSA-WPWQ-4J6V-78M3 guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Impact: The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available, accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

CVSS 5.9, AI score 5.9, EPSS 0.00106
Exploits 0, References 2
Friends Of PHP
added 2026/06/18 9:49 a.m., 6 views

CRLF injection in HTTP start-line serialization

Impact: guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

CVSS 4.8, AI score 5.8, EPSS 0.00158
Exploits 0, Affected Software 1
Positive Technologies
added 2026/06/18 12:0 a.m., 18 views

PT-2026-50793

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 7.12.1. Description: CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...

CVSS 5.8, AI score 5.9, EPSS 0.00111
Exploits 0, References 5
Snyk
added 2026/06/11 3:20 p.m., 4 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the host component of a URI when constructing a PSR-7 Uri or Request. An attacker can inject arbitrary HTTP headers by supplying a crafted host value containing ASCII control characters, such as CRLF, which a...

CVSS 6.9, AI score 5.5, EPSS 0.00189
Exploits 0, References 2
NVD
added 2026/06/11 1:16 p.m., 12 views

CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

CVSS 5.3, EPSS 0.00198
Exploits 0, References 1
Tenable Nessus
added 2025/08/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-31043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https...

CVSS 7.5, AI score 7.1, EPSS 0.0182
Exploits 0, References 2
OSV
added 2023/04/17 10:15 p.m., 3 views

UBUNTU-CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

CVSS 7.5, AI score 7, EPSS 0.01216
Exploits 0, References 11
Tenable Nessus
added 2022/06/13 12:0 a.m., 17 views

Drupal 9.4.x < 9.4.0-rc2 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.21, 9.3.x prior to 9.3.16 or 9.4.x prior to 9.4.0-rc2. Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has release...

CVSS 7.5, AI score 7.7, EPSS 0.0182
Exploits 0, References 6
Drupal
added 2022/05/25 12:0 a.m., 51 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...

CVSS 8.1, AI score 0.4, EPSS 0.01239
Exploits 0, References 14
Tenable Nessus
added 2022/03/22 12:0 a.m., 55 views

Drupal 9.3.x < 9.3.9 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.16 or 9.3.x prior to 9.3.9. It is, therefore, affected by an improper header parsing due to its usage of a third party component, Guzzle library for handling HTTP requests and...

CVSS 7.5, AI score 7.3, EPSS 0.02384
Exploits 0, References 4
Tenable Nessus
added 2022/03/22 12:0 a.m., 12 views

Drupal 9.2.x < 9.2.16 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.16 or 9.3.x prior to 9.3.9. It is, therefore, affected by an improper header parsing due to its usage of a third party component, Guzzle library for handling HTTP requests and...

CVSS 7.5, AI score 7.3, EPSS 0.02384
Exploits 0, References 4
Drupal
added 2022/03/21 12:0 a.m., 42 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites. We are issuing this security advisory outside our regular Drupal security release window schedule since Guzzle has...

CVSS 7.5, AI score 0.3, EPSS 0.02384
Exploits 0, References 13