Lucene search
K

4 matches found

OSV
OSV
added 2026/06/11 1:5 p.m.6 views

GHSA-Q8R6-5HFW-5JFF guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 1:4 p.m.13 views

guzzlehttp/psr7 has CRLF Injection via URI Host Component

Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/11 12:42 p.m.36 views

CVE-2026-53723

Guzzle Services (guzzlehttp/guzzle-services) contains an XML request serialization flaw in versions before 1.5.4 where scalar XML element values may include the CDATA terminator ]]>, causing the CDATA to end early and injecting XML markup into outgoing requests. This is an outgoing request‑bod...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 a.m.28 views

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS0.00338EPSS
Exploits0References7
Rows per page
Query Builder