
18 matches found

OSV
added 2024/03/06 10:53 a.m. | 34 views

BIT-DRUPAL-2022-24775 Improper Input Validation in guzzlehttp/psr7

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5 CVSS | 5.8 AI score | 0.02384 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2024/02/29 12:0 a.m. | 37 views

Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory. It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an...

7.5 CVSS | 7.5 AI score | 0.02384 EPSS
Exploits: 0 | References: 3

Mageia
added 2023/07/26 10:7 p.m. | 46 views

Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5 CVSS | 6.3 AI score | 0.01216 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2023/07/01 12:0 a.m. | 44 views

FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...

7.5 CVSS | 6 AI score | 0.01216 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2023/04/29 12:0 a.m. | 40 views

Fedora 38 : php-nyholm-psr7 (2023-b0811dc6e4)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b0811dc6e4 advisory. Version 1.7.0 - Bump to PHP 7.2 minimum - Allow psr/http-message v2 - Use copy-on-write for streams created from strings ---- Version 1.6.1 - Security fix:...

7.5 CVSS | 7.3 AI score | 0.01216 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/28 12:0 a.m. | 37 views

Fedora 37 : php-nyholm-psr7 (2023-c29ae4c76f)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c29ae4c76f advisory. Version 1.6.1 - Security fix: CVE-2023-29197 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

7.5 CVSS | 7.3 AI score | 0.01216 EPSS
Exploits: 0 | References: 2

OSV
added 2023/04/21 8:27 p.m. | 33 views

GHSA-9JXR-MWPP-W643 Improper header validation in httpsoft/http-message

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.0.12. Workarounds The...

5.3 CVSS | 5.8 AI score | 0.01216 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2023/04/19 6:25 p.m. | 113 views

Improper header name validation in guzzlehttp/psr7

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.9.1 and 2.4.5...

7.5 CVSS | 5.7 AI score | 0.01216 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

NVD
added 2023/04/17 10:15 p.m. | 19 views

CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5 CVSS | 6 AI score | 0.01216 EPSS
Exploits: 0 | References: 7

Cvelist
added 2023/04/17 9:8 p.m. | 35 views

CVE-2023-29197 Improper header name validation in guzzlehttp/psr7

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

5.3 CVSS | 7.6 AI score | 0.01216 EPSS
Exploits: 0 | References: 7

Debian CVE
added 2023/04/17 9:8 p.m. | 42 views

CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5 CVSS | 7.4 AI score | 0.01216 EPSS
Exploits: 0

Friends Of PHP
added 2023/04/17 4:0 p.m. | 31 views

Improper header validation

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.9.1 and 2.4.5...

7.5 CVSS | 5.8 AI score | 0.01216 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2022/03/21 7:15 p.m. | 18 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5 CVSS | 0.02384 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2022/03/21 7:15 p.m. | 44 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5 CVSS | 7.1 AI score | 0.02384 EPSS
Exploits: 0 | References: 6

Prion
added 2022/03/21 7:15 p.m. | 29 views

Input validation

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

5 CVSS | 7.2 AI score | 0.02384 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Debian CVE
added 2022/03/21 7:0 p.m. | 91 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5 CVSS | 7.3 AI score | 0.02384 EPSS
Exploits: 0

OSV
added 2022/03/21 7:0 p.m. | 27 views

CVE-2022-24775 Improper Input Validation in guzzlehttp/psr7

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5 CVSS | 7.3 AI score | 0.02384 EPSS
Exploits: 0 | References: 6

OSV
added 2022/01/05 9:39 p.m. | 36 views

GO-2021-0159 Request smuggling due to improper header parsing in net/http

HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.8 CVSS | 9.2 AI score | 0.09625 EPSS
Exploits: 0 | References: 11