Psr-7 Security Vulnerabilities and Issues — Psr-7 CVE List

Lucene search

GuzzlephpPsr-7

3 matches found

CVE•added 2022/03/21 7:15 p.m.•152 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

7.5CVSS5.9AI score0.00594EPSS

CVE•added 2023/04/17 10:15 p.m.•130 views

CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many s...

7.5CVSS6.1AI score0.02483EPSS

CVE•added 2023/04/24 8:15 p.m.•85 views

CVE-2023-29530

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, ...

7.5CVSS6.5AI score0.00179EPSS