
10 matches found

Github Security Blog
added 2026/06/19 2:35 p.m. | 11 views

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact: guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

CVSS 4.8 | AI score 5.8 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/18 12:0 a.m. | 17 views

PT-2026-50793

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 7.12.1. Description: CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...

CVSS 5.8 | AI score 5.9 | EPSS 0.00111
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/18 12:0 a.m. | 17 views

PT-2026-50791

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 7.12.1. Description: In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...

CVSS 5.9 | AI score 5.9 | EPSS 0.00106
Exploits: 0 | References: 5
NVD
added 2026/06/11 1:16 p.m. | 10 views

CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

CVSS 5.3 | EPSS 0.00189
Exploits: 0 | References: 1
CVE
added 2026/06/11 12:38 p.m. | 39 views

CVE-2026-49214

CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...

CVSS 5.3 | AI score 5.5 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1
SUSE CVE
added 2025/01/24 4:18 a.m. | 4 views

SUSE CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

CVSS 6.5 | AI score 6.8 | EPSS 0.00743
Exploits: 0 | References: 4
OSV
added 2023/04/17 10:15 p.m. | 2 views

DEBIAN-CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

CVSS 7.5 | AI score 7.2 | EPSS 0.01216
Exploits: 0 | References: 1
OSV
added 2022/03/21 7:15 p.m. | 1 views

DEBIAN-CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

CVSS 7.5 | AI score 7.3 | EPSS 0.02384
Exploits: 0 | References: 1
OSV
added 2022/03/21 7:15 p.m. | 3 views

UBUNTU-CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

CVSS 7.5 | AI score 5.8 | EPSS 0.02384
Exploits: 0 | References: 7
CNNVD
added 2022/03/21 12:0 a.m. | 20 views

PSR-7 Message Implementation Input Validation Error Vulnerability

PSR-7 Message Implementation is a complete PSR-7 message implementation. An input validation error vulnerability exists in PSR-7 Message Implementation version 1.8.3 and earlier and in psr7 from version 2.0.0 through 2.1.0. An attacker can add a new line of characters and pass untrusted values...

CVSS 7.5 | AI score 7.2 | EPSS 0.02384
Exploits: 0 | References: 9