10 matches found
Information Disclosure
guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the checkRedirect function of RedirectMiddleware.php does not properly clear the CURLOPTHTTPAUTH option on a change of origin, allowing an attacker to get sensitive information through the Authorization...
Information Disclosure
guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to get sensitive informati...
Information Disclosure
guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to set malicious domains a...
mediawiki -- multiple vulnerabilities
Mediawiki reports: T308471 Username is not escaped in the "welcomeuser" message. T308473 Username not escaped in the contributions-title message. T309377, CVE-2022-29248 Update "guzzlehttp/guzzle" to version 6.5.6. T311384, CVE-2022-27776 Update "guzzlehttp/guzzle" to 6.5.8/7.4.5...
Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Fedora Update for php-guzzlehttp-guzzle FEDORA-2016-aef8a45afe
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-guzzlehttp-guzzle FEDORA-2016-e2c8f5f95a
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle-5.3.1-1.fc23
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and ta kes the pain out of consuming web services. Pluggable HTTP adapters that can send requests serially or in parallel Doesn't require cURL, but uses cURL by default Streams data for both uploads and downloads Provides event...
Fedora 24 : php-guzzlehttp-guzzle (2016-aef8a45afe) (httpoxy)
5.3.1 - 2016-07-18 - Address HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd...
Fedora 23 : php-guzzlehttp-guzzle (2016-e2c8f5f95a) (httpoxy)
5.3.1 - 2016-07-18 - Address HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd...