Lucene search
K
GuzzlephpPsr-7

6 matches found

CVE
CVE
added 2023/04/17 9:8 p.m.261 views

CVE-2023-29197

CVE-2023-29197 affects guzzlehttp/psr7 (PHP). Root cause: improper header parsing that allows a newline character in header names/values, bypassing termination assumptions and enabling potential information disclosure or authorization bypass as described in the advisory chain. Affected releases r...

7.5CVSS6.1AI score0.01216EPSS
CVE
CVE
added 2022/03/21 7:0 p.m.180 views

CVE-2022-24775

CVE-2022-24775 affects guzzlehttp/psr7 (PHP PSR-7 HTTP message library). Affected versions before 1.8.4 and 2.1.1 are vulnerable to improper header parsing, allowing an attacker to inject newline characters into header names/values. The issue is patched in 1.8.4 and 2.1.1. A follow-up vulnerabili...

7.5CVSS5.9AI score0.02384EPSS
CVE
CVE
added 2023/04/24 7:34 p.m.101 views

CVE-2023-29530

Laminas Diactoros HTTP message implementations are affected in versions up to 2.25.0 by an issue where a leading/trailing newline in a header key or value can produce an invalid HTTP message, potentially enabling DoS or application errors. Patches are available in 2.18.1, 2.19.1, 2.20.1, 2.21.1, ...

7.5CVSS6.5AI score0.00965EPSS
CVE
CVE
added 2026/06/11 12:34 p.m.60 views

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

5.3CVSS5.5AI score0.00198EPSS
CVE
CVE
added 2026/06/11 12:38 p.m.42 views

CVE-2026-49214

CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...

5.3CVSS5.5AI score0.00189EPSS
CVE
CVE
added 2026/06/23 3:7 p.m.16 views

CVE-2026-55766

Summary (CVE-2026-55766): guzzlehttp/psr7 (PHP) before 2.12.1 is vulnerable to CRLF injection in the HTTP start-line fields (method, protocol version, reason phrase) when attacker-controlled data ends up in those fields and the message is serialized or forwarded. The flaw requires the malformed m...

4.8CVSS5.8AI score0.00158EPSS